GHSA-xx68-jfcg-xmmf

Source
https://github.com/advisories/GHSA-xx68-jfcg-xmmf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-xx68-jfcg-xmmf/GHSA-xx68-jfcg-xmmf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xx68-jfcg-xmmf
Aliases
Published
2018-12-21T17:51:42Z
Modified
2024-03-05T19:16:23.409690Z
Summary
Commons FileUpload Denial of service vulnerability
Details

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.

References

Affected packages

Maven / commons-fileupload:commons-fileupload

Package

Name
commons-fileupload:commons-fileupload
Purl
pkg:maven/commons-fileupload/commons-fileupload

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.1

Affected versions

1.*

1.0-beta-1
1.0-rc1
1.0
1.1
1.1.1
1.2
1.2.1
1.2.2
1.3

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0-RC1
Fixed
8.0.3

Affected versions

8.*

8.0.0-RC1
8.0.0-RC3
8.0.0-RC5
8.0.0-RC10
8.0.1

Database specific

{
    "last_known_affected_version_range": "<= 8.0.1"
}

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.52

Affected versions

7.*

7.0.35
7.0.37
7.0.39
7.0.40
7.0.41
7.0.42
7.0.47
7.0.50

Database specific

{
    "last_known_affected_version_range": "<= 7.0.50"
}