[SOLR-9053] Upgrade fileupload-commons to 1.3.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.6, 5.5, 6.0
Fix Version/s: 5.5.2, 5.6, 6.0.1, 6.1
Component/s: security
Labels:
- commons-file-upload

Description

The project appears to pull in FileUpload 1.2.1. According to CVE-2014-0050:

"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions."

Source

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-9053.patch
02/May/16 15:45
3 kB
Mike Drob

Issue Links

is cloned by

SOLR-9819 Upgrade commons-fileupload to 1.3.2

Resolved

Activity

People

Assignee:: Jan Høydahl

Reporter:: Terra Field

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/May/16 22:47

Updated:: 02/Dec/16 17:13

Resolved:: 17/Jun/16 22:20