You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/02/21 08:11:00 UTC

[jira] [Commented] (OFBIZ-12766) CVE-2023-24998 Apache Commons FileUpload and Tomcat - DoS with excessive parts

    [ https://issues.apache.org/jira/browse/OFBIZ-12766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691449#comment-17691449 ] 

ASF subversion and git services commented on OFBIZ-12766:
---------------------------------------------------------

Commit 42bdd084e681268d8301f9c586c13eea5afd6d9b in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=42bdd084e6 ]

Fixed: CVE-2023-24998 Apache Commons FileUpload and Tomcat - DoS with excessive parts  (OFBIZ-12766)

See
https://commons.apache.org/proper/commons-fileupload/security-reports.html
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.71
for details


> CVE-2023-24998 Apache Commons FileUpload and Tomcat - DoS with excessive parts 
> -------------------------------------------------------------------------------
>
>                 Key: OFBIZ-12766
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12766
>             Project: OFBiz
>          Issue Type: Task
>          Components: framework/security, tomcat
>    Affects Versions: 22.01.01
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>
> See
> https://commons.apache.org/proper/commons-fileupload/security-reports.html
> https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.71



--
This message was sent by Atlassian Jira
(v8.20.10#820010)