[ https://issues.apache.org/jira/browse/SOLR-9053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl resolved SOLR-9053.
-------------------------------
    Resolution: Fixed

Fixed for 6.1 and master. Remember to backport if there will be another 5.x release.

> Upgrade fileupload-commons to 1.3.1
> -----------------------------------
>
>                 Key: SOLR-9053
>                 URL: https://issues.apache.org/jira/browse/SOLR-9053
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 4.6, 5.5, trunk
>            Reporter: Jeff Field
>            Assignee: Jan Høydahl
>              Labels: commons-file-upload
>             Fix For: 6.1
>
>         Attachments: SOLR-9053.patch
>
>
> The project appears to pull in FileUpload 1.2.1. According to CVE-2014-0050:
> "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in
> Apache Tomcat, JBoss Web, and other products, allows remote attackers to
> cause a denial of service (infinite loop and CPU consumption) via a crafted
> Content-Type header that bypasses a loop's intended exit conditions."
> [Source|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050]