danialfarid / ng-file-upload

Lightweight Angular directive to upload files with optional FileAPI shim for cross browser support
MIT License
7.87k stars 1.6k forks

Security bug with Commons FileUpload package in pom.xml #2127

Open wifun opened 4 years ago

wifun commented 4 years ago

"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."

The recommendation is to upgrade to Apache Commons Fileupload version 1.3.2.

Location

ng-file-upload/demo/pom.xml

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=1349468
https://www.debian.org/security/2016/dsa-3614
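One way to check a `pom.xml` for a Commons FileUpload declaration older than the 1.3.2 release named in the report above. This is an added example, not part of the issue thread or the project's code; the sample POM, its property name and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 3, 2)  # first fixed release per the advisory quoted in the issue
# Constructed sample POM; versions are illustrative, not from the project's demo/pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><fileupload.version>1.3.1</fileupload.version></properties>
  <dependencies><dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>${fileupload.version}</version>
  </dependency></dependencies>
</project>"""


def _local(tag):
    """Strip the XML namespace so namespaced and plain POMs both match."""
    return tag.rsplit("}", 1)[-1]


def version_tuple(text):
    """'1.3.1' -> (1, 3, 1); qualifiers such as '-SNAPSHOT' are ignored."""
    nums = re.findall(r"\d+", text.split("-", 1)[0])
    return tuple(int(n) for n in nums) if nums else None


def find_vulnerable_fileupload(pom_text):
    """Return (version, status) for commons-fileupload declarations below 1.3.2."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})
    hits = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("artifactId") != "commons-fileupload":
            continue
        raw = fields.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", raw)  # version given as a ${property}
        resolved = props.get(ref.group(1), "") if ref else raw
        parsed = version_tuple(resolved)
        if parsed is None:
            hits.append((resolved or "<unset>", "unresolved"))  # review by hand
        elif parsed < FIXED:
            hits.append((resolved, "vulnerable"))
    return hits
```

Versions inherited from a parent POM or a BOM are not resolved here and are reported as `unresolved`.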

prabirshrestha commented 4 years ago

Or even better if the demo folder doesn't ship in the npm package.