[ https://issues.apache.org/jira/browse/TOMEE-4187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Zowalla closed TOMEE-4187.
----------------------------------
    Fix Version/s:     (was: 10.0.0-M1)
                       (was: 8.0.15)
                       (was: 9.1.0)
       Resolution: Fixed

> Commons FileUpload 1.5
> ----------------------
>
>                 Key: TOMEE-4187
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4187
>             Project: TomEE
>          Issue Type: Dependency upgrade
>    Affects Versions: 8.0.14, 9.0.0
>            Reporter: Richard Zowalla
>            Assignee: Richard Zowalla
>            Priority: Major
>              Labels: CVE
>             Fix For: 10.0.0
>
>
> Versions Affected:
> Apache Commons FileUpload 1.0-beta-1 to 1.4
> Description:
> Apache Commons FileUpload before 1.5 does not limit the number of 
> request parts to be processed resulting in the possibility of an 
> attacker triggering a DoS with a malicious upload or series of uploads.
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Commons FileUpload 1.5 or later
> Credit:
> This issue was identified by Jakob Ackermann and reported responsibly to 
> the Apache Commons Security Team.
> History:
> 2023-02-20 Original advisory



--
This message was sent by Atlassian Jira
(v8.20.10#820010)