"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
Recommendation is to upgrade to version Apache Commons Fileupload - 1.3.2
"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
Recommendation is to upgrade to version Apache Commons Fileupload - 1.3.2
Location
ng-file-upload/demo/pom.xml
Sources
https://bugzilla.redhat.com/show_bug.cgi?id=1349468 https://www.debian.org/security/2016/dsa-3614