Note new limit is not enabled by default

Mark Thomas 2023-02-20 17:08:55 +00:00
parent 52410bd989
commit c4f32a1329
1 changed files with 6 additions and 4 deletions

@ -56,10 +56,12 @@
<p><b>Important: Denial of Service</b> <a <p><b>Important: Denial of Service</b> <a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998">CVE-2023-24998</a></p> href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998">CVE-2023-24998</a></p>
<p>Apache Commons FileUpload before 1.5 does not limit the number of <p>Apache Commons FileUpload before 1.5 does not provide an option to
request parts to be processed resulting in the possibility of an limit the number of request parts to be processed resulting in the
attacker triggering a DoS with a malicious upload or series of possibility of an attacker triggering a DoS with a malicious upload or
uploads.</p> series of uploads. Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.</p>
<p>This was fixed in commit <p>This was fixed in commit
<a href="https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17" <a href="https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17"
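Review bot: The added sentence in the CVE-2023-24998 paragraph leaves the practical consequence implicit. Because the option "is not enabled by default and must be explicitly configured", moving to FileUpload 1.5 does not by itself limit the number of request parts. Suggest stating that directly, for example "Upgrading to 1.5 is not sufficient on its own; applications must set a limit via FileUploadBase#setFileCountMax", and linking the method name to its Javadoc so readers can find it. Separately, the unchanged CVE link in this hunk still points at http://cve.mitre.org; it is worth switching to https while this paragraph is being edited.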