This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 1.x
in repository https://gitbox.apache.org/repos/asf/commons-fileupload.git
The following commit(s) were added to refs/heads/1.x by this push:
new 52410bd Add details of CVE-2023-24998
52410bd is described below
commit 52410bd989b2661aab2d9f24cd2cec0501bb82b3
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Feb 20 15:47:50 2023 +0000
Add details of CVE-2023-24998
---
src/site/xdoc/security-reports.xml | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/site/xdoc/security-reports.xml
b/src/site/xdoc/security-reports.xml
index 558410a..df95e0f 100644
--- a/src/site/xdoc/security-reports.xml
+++ b/src/site/xdoc/security-reports.xml
@@ -52,6 +52,22 @@
href="http://commons.apache.org/security.html">security page
of the Apache Commons project</a>.</p>
+ <subsection name="Fixed in Apache Commons FileUpload 1.5">
+ <p><b>Important: Denial of Service</b> <a
+
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998">CVE-2023-24998</a></p>
+
+ <p>Apache Commons FileUpload before 1.5 does not limit the number of
+ request parts to be processed resulting in the possibility of an
+ attacker triggering a DoS with a malicious upload or series of
+ uploads.</p>
+
+ <p>This was fixed in commit
+ <a
href="https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17"
+ >e20c0499</a>.</p>
+
+ <p>Affects: 1.0? - 1.4</p>
+ </subsection>
+
<subsection name="Notes on Apache Commons FileUpload 1.3.3">
<p>
Regarding potential security problems with the class called
DiskFileItem,
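Review bot: the new CVE-2023-24998 entry says only that the missing limit on request parts "was fixed in commit e20c0499" and gives readers no action to take. Before the "Affects: 1.0? - 1.4" line, add a sentence stating whether the part limit is enforced by default in 1.5 or has to be configured by the application, because a user who only upgrades cannot tell from this text whether they are protected. As a smaller point, the CVE link uses http://cve.mitre.org; https would be preferable for a security reference.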
@@ -91,7 +107,7 @@
boundary is close to the size of the buffer in MultipartStream. This
is also fixed
for <a href="https://tomcat.apache.org/security.html">Apache
Tomcat</a>.</p>
- <p>This was fixed in revisions
+ <p>This was fixed in revision
<a
href="http://svn.apache.org/viewvc?view=revision&revision=1743480">1743480</a>.</p>
<p>Affects: 1.0? - 1.3.1</p>
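Review bot: the href on the line after the corrected "<p>This was fixed in revision" still points at http://svn.apache.org over plain http. Since the same paragraph is being edited here and in the two hunks that follow, consider switching those three viewvc links to https in this commit. The singular wording itself matches the single revision each paragraph links.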
@@ -107,7 +123,7 @@
loop and CPU consumption) via a crafted Content-Type header that
bypasses a loop's intended
exit conditions.</p>
- <p>This was fixed in revisions
+ <p>This was fixed in revision
<a
href="http://svn.apache.org/viewvc?view=revision&revision=1565143">1565143</a>.</p>
<p>Affects: 1.0? - 1.3</p>
@@ -121,7 +137,7 @@
<p>Update the Javadoc and documentation to make it clear that
setting a repository
is required for a secure configuration if there are local, untrusted
users.</p>
- <p>This was fixed in revisions
+ <p>This was fixed in revision
<a
href="http://svn.apache.org/viewvc?view=revision&revision=1453273">1453273</a>.</p>
<p>Affects: 1.0 - 1.2.2</p>