  1. Solr
  2. SOLR-9053

Upgrade fileupload-commons to 1.3.1

    Details

      Description

      The project appears to pull in FileUpload 1.2.1. According to CVE-2014-0050:

      "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions."

      Source

              People

              • Assignee:
                janhoy Jan Høydahl
                Reporter:
                jfield Jeff Field