Posted to commits@tomee.apache.org by "Richard Zowalla (Jira)" <ji...@apache.org> on 2023/04/25 18:29:00 UTC
[jira] [Updated] (TOMEE-4187) Commons FileUpload 1.5
[ https://issues.apache.org/jira/browse/TOMEE-4187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Zowalla updated TOMEE-4187:
-----------------------------------
Fix Version/s: 9.1.0
> Commons FileUpload 1.5
> ----------------------
>
> Key: TOMEE-4187
> URL: https://issues.apache.org/jira/browse/TOMEE-4187
> Project: TomEE
> Issue Type: Dependency upgrade
> Affects Versions: 9.0.0, 8.0.14
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Major
> Labels: CVE
> Fix For: 10.0.0, 9.0.1, 8.0.15, 9.1.0
>
>
> Versions Affected:
> Apache Commons FileUpload 1.0-beta-1 to 1.4
> Description:
> Apache Commons FileUpload before 1.5 does not limit the number of
> request parts to be processed resulting in the possibility of an
> attacker triggering a DoS with a malicious upload or series of uploads.
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Commons FileUpload 1.5 or later
> Credit:
> This issue was identified by Jakob Ackermann and reported responsibly to
> the Apache Commons Security Team.
> History:
> 2023-02-20 Original advisory
--
This message was sent by Atlassian Jira
(v8.20.10#820010)