Details
Description
Versions Affected:
Apache Commons FileUpload 1.0-beta-1 to 1.4
Description:
Apache Commons FileUpload before 1.5 does not limit the number of
request parts to be processed resulting in the possibility of an
attacker triggering a DoS with a malicious upload or series of uploads.
Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Commons FileUpload 1.5 or later
Credit:
This issue was identified by Jakob Ackermann and reported responsibly to
the Apache Commons Security Team.
History:
2023-02-20 Original advisory