[
https://issues.apache.org/jira/browse/TOMEE-4187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla resolved TOMEE-4187.
------------------------------------
Resolution: Fixed
> Commons FileUpload 1.5
> ----------------------
>
> Key: TOMEE-4187
> URL: https://issues.apache.org/jira/browse/TOMEE-4187
> Project: TomEE
> Issue Type: Dependency upgrade
> Affects Versions: 9.0.0, 8.0.14
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Major
> Labels: CVE
> Fix For: 10.0.0, 9.0.1, 8.0.15
>
>
> Versions Affected:
> Apache Commons FileUpload 1.0-beta-1 to 1.4
> Description:
> Apache Commons FileUpload before 1.5 does not limit the number of
> request parts to be processed resulting in the possibility of an
> attacker triggering a DoS with a malicious upload or series of uploads.
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Commons FileUpload 1.5 or later
> Credit:
> This issue was identified by Jakob Ackermann and reported responsibly to
> the Apache Commons Security Team.
> History:
> 2023-02-20 Original advisory
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
