CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Commons FileUpload 1.0-beta-1 to 1.4

Description:
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Commons FileUpload 1.5 or later
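
Added example, not part of the advisory or of Apache's code: FileUpload 1.5 introduces `FileUploadBase.setFileCountMax`, which defaults to -1 (no limit), so the part limit only takes effect once the application sets it. The class name `PartLimitDemo`, the boundary string, the limit values and the in-memory request are constructed for illustration; it assumes commons-fileupload 1.5 and commons-io on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import org.apache.commons.fileupload.FileCountLimitExceededException;
import org.apache.commons.fileupload.FileUpload;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.RequestContext;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;

public class PartLimitDemo {
    static final String BOUNDARY = "demo-boundary"; // constructed value

    // Constructed sample input: a multipart/form-data body with n one-byte form fields.
    static byte[] body(int n) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) {
            sb.append("--").append(BOUNDARY).append("\r\n")
              .append("Content-Disposition: form-data; name=\"f").append(i).append("\"\r\n\r\n")
              .append("x\r\n");
        }
        sb.append("--").append(BOUNDARY).append("--\r\n");
        return sb.toString().getBytes(StandardCharsets.US_ASCII);
    }

    // Returns true if the body parsed, false if the part-count limit rejected it.
    static boolean accepts(int parts, long maxParts) throws FileUploadException {
        final byte[] data = body(parts);
        FileUpload upload = new FileUpload(new DiskFileItemFactory());
        upload.setFileCountMax(maxParts); // added in 1.5; default -1 = unlimited
        upload.setSizeMax(1024 * 1024);   // cap on the whole request, in bytes
        upload.setFileSizeMax(64 * 1024); // cap on each part, in bytes
        RequestContext ctx = new RequestContext() { // in-memory stand-in for a servlet request
            public String getCharacterEncoding() { return "UTF-8"; }
            public String getContentType() { return "multipart/form-data; boundary=" + BOUNDARY; }
            public int getContentLength() { return data.length; }
            public InputStream getInputStream() { return new ByteArrayInputStream(data); }
        };
        try {
            upload.parseRequest(ctx);
            return true;
        } catch (FileCountLimitExceededException e) {
            return false; // a real handler would answer with a 4xx and log the event
        }
    }
    public static void main(String[] args) throws FileUploadException {
        System.out.println("5 parts, limit 10:  " + accepts(5, 10));
        System.out.println("50 parts, limit 10: " + accepts(50, 10));
    }
}
```

The limit counts every part, form fields as well as files, so size it for the largest legitimate form the application serves.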

Credit:
This issue was identified by Jakob Ackermann and reported responsibly to the Apache Commons Security Team.

History:
2023-02-20 Original advisory

References:
[1] https://commons.apache.org/proper/commons-fileupload/security-reports.html

