  1. Tapestry 5
  2. TAP5-2295

Vulnerability in Tapestry-upload module due to commons-file-upload

    Details

      Description

      Just found that commons-file-upload < 1.3.1 has a bug that can create a DoS attack.

      For more information, see
      http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html

      I do believe commons-file-upload 1.2.2 has been used in tapestry-upload since version 5.2 at least, or even older.

      So the recommended option is to update the dependency to commons-file-upload-1.3.1.jar.

            People

            • Assignee:
              bobharner Bob Harner
              Reporter:
              josetesan jose luis sanchez
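
A check for deployed copies of the library older than the 1.3.1 release recommended in the description, written as an added example (not part of the original issue or of Tapestry's code). The function names and the sample tree are constructed for illustration, and the scan relies on jar file names only.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 3, 1)  # first fixed release, per the issue above
# Accept the published jar name and the hyphenated spelling used in the issue.
JAR_RE = re.compile(r"^commons-file-?upload-(\d+(?:\.\d+)*)([-.].+)?\.jar$", re.I)


def parse_version(jar_name):
    """Return the numeric version tuple from a jar file name, or None."""
    m = JAR_RE.match(jar_name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """True when version is older than FIXED (1.3 is compared as 1.3.0)."""
    return version + (0,) * (len(FIXED) - len(version)) < FIXED


def scan(root):
    """Return sorted (location, version) pairs, looking inside .war files too."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        entries = [(rel, path.name)]
        if path.suffix.lower() == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as war:
                entries = [(f"{rel}!/{n}", n.rsplit("/", 1)[-1]) for n in war.namelist()]
        for location, name in entries:
            version = parse_version(name)
            if version is not None and is_vulnerable(version):
                findings.append((location, ".".join(map(str, version))))
    return sorted(findings)


def demo():
    """Scan a constructed tree: two empty placeholder jars and one WAR."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "commons-fileupload-1.3.1.jar").touch()
        Path(tmp, "commons-fileupload-1.2.2.jar").touch()
        with zipfile.ZipFile(Path(tmp, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/commons-file-upload-1.3.jar", b"")
        return scan(tmp)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A jar that has been renamed or shaded into another archive will not match by name, so an empty result from `scan` does not by itself show the library is absent.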