oss-sec mailing list archives
CVE-2023-24998: Apache Commons FileUpload: FileUpload DoS with excessive parts
From: Mark Thomas <markt () apache org>
Date: Mon, 20 Feb 2023 15:58:05 +0000
Severity: important

Description:

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.

Credit:

Jakob Ackermann (finder)

References:

https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
https://commons.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-24998