GHSA-hfrx-6qgj-fp6c

Source
https://github.com/advisories/GHSA-hfrx-6qgj-fp6c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-hfrx-6qgj-fp6c/GHSA-hfrx-6qgj-fp6c.json
Aliases
  • CVE-2023-24998
Published
2023-02-20T18:30:17Z
Modified
2024-03-11T17:46:00.763808Z
Details

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

References

Affected packages

Maven / commons-fileupload:commons-fileupload

Package

Name
commons-fileupload:commons-fileupload

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.5

Affected versions

1.*

1.0-beta-1
1.0-rc1
1.0
1.1
1.1.1
1.2
1.2.1
1.2.2
1.3
1.3.1
1.3.1-jenkins-1
1.3.1-jenkins-2
1.3.2
1.3.3
1.4

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.1.0-M1
Fixed
10.1.5

Affected versions

10.*

10.1.0-M1
10.1.0-M2
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0
10.1.1
10.1.2
10.1.4

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0-M2
Fixed
11.0.0-M5

Affected versions

11.*

11.0.0-M3
11.0.0-M4

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.5.85
Fixed
8.5.88

Affected versions

8.*

8.5.85
8.5.86
8.5.87

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0-M1
Fixed
9.0.71

Affected versions

9.*

9.0.0.M1
9.0.0.M3
9.0.0.M4
9.0.0.M6
9.0.0.M8
9.0.0.M9
9.0.0.M10
9.0.0.M11
9.0.0.M13
9.0.0.M15
9.0.0.M17
9.0.0.M18
9.0.0.M19
9.0.0.M20
9.0.0.M21
9.0.0.M22
9.0.0.M25
9.0.0.M26
9.0.0.M27
9.0.1
9.0.2
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.0.10
9.0.11
9.0.12
9.0.13
9.0.14
9.0.16
9.0.17
9.0.19
9.0.20
9.0.21
9.0.22
9.0.24
9.0.26
9.0.27
9.0.29
9.0.30
9.0.31
9.0.33
9.0.34
9.0.35
9.0.36
9.0.37
9.0.38
9.0.39
9.0.40
9.0.41
9.0.43
9.0.44
9.0.45
9.0.46
9.0.48
9.0.50
9.0.52
9.0.53
9.0.54
9.0.55
9.0.56
9.0.58
9.0.59
9.0.60
9.0.62
9.0.63
9.0.64
9.0.65
9.0.67
9.0.68
9.0.69
9.0.70