Security bug with Commons FileUpload package in pom.xml #2127

Open
wifun opened this issue Nov 25, 2019 · 1 comment

wifun commented Nov 25, 2019

"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."

Recommendation is to upgrade to version Apache Commons Fileupload - 1.3.2

Location

ng-file-upload/demo/pom.xml

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=1349468
https://www.debian.org/security/2016/dsa-3614
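A check for the condition reported above, as an added example that is not part of the original issue or the project's code: it reads a Maven POM and flags any `commons-fileupload` dependency older than 1.3.2. The sample POM and the names `check_pom`, `parse_version` and `fileupload.version` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 3, 2)  # first fixed release named in the advisory quoted above

# Constructed sample POM (not the project's actual demo/pom.xml).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><fileupload.version>1.3.1</fileupload.version></properties>
  <dependencies>
    <dependency>
      <groupId>commons-fileupload</groupId>
      <artifactId>commons-fileupload</artifactId>
      <version>${fileupload.version}</version>
    </dependency>
  </dependencies>
</project>"""


def parse_version(text):
    """Return the leading numeric version as a tuple padded to 3 parts, or None."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))


def check_pom(pom_xml):
    """Return [(version_text, status)] for each commons-fileupload dependency."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):
        if dep.findtext("artifactId", "").strip() != "commons-fileupload":
            continue
        raw = (dep.findtext("version") or "").strip()
        # Resolve a ${property} reference against this POM's own <properties>.
        ref = re.fullmatch(r"\$\{(.+)\}", raw)
        resolved = props.get(ref.group(1), "") if ref else raw
        ver = parse_version(resolved)
        # A version inherited from a parent POM cannot be judged from this file.
        status = "unknown" if ver is None else ("vulnerable" if ver < FIXED else "ok")
        findings.append((resolved or raw, status))
    return findings


if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

An `unknown` result means the version is managed outside the file (parent POM or an undefined property) and needs the effective POM to decide.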

@prabirshrestha

Or even better if demo folder doesn't ship in npm package.
