A flaw was found in undertow versions through 2.2.26.Final, and 2.3.0.Alpha1 through 2.3.8.Final. Servlets annotated with '@MultipartConfig' may cause an 'OutOfMemoryError' due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses 'fileSizeThreshold' to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Description
Vulnerability ID: CVE-2023-3223
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2023-09-27T15:18:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.2.36.Final