Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a Denial of Service (DoS) with a malicious upload or series of uploads. Note that, like all the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master
Description
Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a Denial of Service (DoS) with a malicious upload or series of uploads. Note that, like all the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch refs/heads/master
Vulnerability ID: CVE-2023-24998
Package Name: org.apache.tomcat:tomcat-coyote
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2023-02-20T16:15:00
Current Package Version: 9.0.22
Remediation Upgrade Recommendation: 9.0.90
Link To SCA
Reference – NVD link