jonesde
commented
1 year ago Updated to 1.5 in commit fba80060556fe669c01984490e98eaf6c45f9b5d
Closed mend-bolt-for-github[bot] closed 1 year ago
jonesde
commented
1 year ago Updated to 1.5 in commit fba80060556fe669c01984490e98eaf6c45f9b5d
CVE-2023-24998 - High Severity Vulnerability
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/proper/commons-fileupload/
Dependency Hierarchy: - :x: **commons-fileupload-1.4.jar** (Vulnerable Library)
Found in HEAD commit: ec7922336e11b40c9d5e2debecc29b1f2deab3c2
Found in base branch: master
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Publish Date: 2023-02-20
URL: CVE-2023-24998
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://tomcat.apache.org/security-10.html
Release Date: 2023-02-20
Fix Resolution: 1.5
Step up your Open Source Security Game with Mend here