Richard Zowalla created TOMEE-4187:
--------------------------------------

             Summary: Commons FileUpload 1.5
                 Key: TOMEE-4187
                 URL: https://issues.apache.org/jira/browse/TOMEE-4187
             Project: TomEE
          Issue Type: Dependency upgrade
    Affects Versions: 8.0.14, 9.0.0
            Reporter: Richard Zowalla
            Assignee: Richard Zowalla
             Fix For: 10.0.0, 9.0.1, 8.0.15



Versions Affected:
Apache Commons FileUpload 1.0-beta-1 to 1.4

Description:
Apache Commons FileUpload before 1.5 does not limit the number of
request parts to be processed, resulting in the possibility of an
attacker triggering a DoS with a malicious upload or series of uploads.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Commons FileUpload 1.5 or later

Credit:
This issue was identified by Jakob Ackermann and reported responsibly to 
the Apache Commons Security Team.

History:
2023-02-20 Original advisory



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
