[TOMEE-4187] Commons FileUpload 1.5 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 8.0.14, 9.0.0
Fix Version/s: 8.0.15, 10.0.0-M1, 9.1.0
Component/s: None
Labels:
- CVE

Description

Versions Affected:
Apache Commons FileUpload 1.0-beta-1 to 1.4

Description:
Apache Commons FileUpload before 1.5 does not limit the number of
request parts to be processed resulting in the possibility of an
attacker triggering a DoS with a malicious upload or series of uploads.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:

Upgrade to Apache Commons FileUpload 1.5 or later

Credit:
This issue was identified by Jakob Ackermann and reported responsibly to
the Apache Commons Security Team.

History:
2023-02-20 Original advisory

Attachments

Activity

People

Assignee:: Richard Zowalla

Reporter:: Richard Zowalla

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Feb/23 17:34

Updated:: 06/Jun/23 05:50

Resolved:: 20/Feb/23 17:39