tsaekao / verademo-java

The Veracode demo application. A simple Java Web App built using Spring MVC.

CVE: 2023-24998 found in Apache Commons FileUpload - Version: 1.3.2 [JAVA] #4

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Commons FileUpload |
| Description | The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | Apache Commons FileUpload is vulnerable to Denial Of Service (DoS). The vulnerability exists because the default configuration doesn't limit the number of request parts to be processed which allows an attacker to submit an upload with unlimited file parts, resulting in Denial of Service. |
| CVE | 2023-24998 |
| CVSS score | 5 |
| Vulnerability present in version/s | 1.0-rc1-1.4 |
| Found library version/s | 1.3.2 |
| Vulnerability fixed in version | 1.5 |
| Library latest version | 1.5 |
| Fix | |

Links:

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/2

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/43