Note new limit is not enabled by default
This commit is contained in:
parent
52410bd989
commit
c4f32a1329
|
@ -56,10 +56,12 @@
|
||||||
<p><b>Important: Denial of Service</b> <a
|
<p><b>Important: Denial of Service</b> <a
|
||||||
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998">CVE-2023-24998</a></p>
|
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998">CVE-2023-24998</a></p>
|
||||||
|
|
||||||
<p>Apache Commons FileUpload before 1.5 does not limit the number of
|
<p>Apache Commons FileUpload before 1.5 does not provide an option to
|
||||||
request parts to be processed resulting in the possibility of an
|
limit the number of request parts to be processed resulting in the
|
||||||
attacker triggering a DoS with a malicious upload or series of
|
possibility of an attacker triggering a DoS with a malicious upload or
|
||||||
uploads.</p>
|
series of uploads. Note that, like all of the file upload limits, the
|
||||||
|
new configuration option (FileUploadBase#setFileCountMax) is not
|
||||||
|
enabled by default and must be explicitly configured.</p>
|
||||||
|
|
||||||
<p>This was fixed in commit
|
<p>This was fixed in commit
|
||||||
<a href="https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17"
|
<a href="https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17"
|
||||||
|
|
Loading…
Reference in New Issue