-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
https://github.com/undertow-io/undertow/pull/1523, https://github.com/undertow-io/undertow/pull/1521, https://gitlab.cee.redhat.com/undertow-io/undertow/-/commit/ff55aa5bb73c772048d7e8edce46875f0609abc5, https://gitlab.cee.redhat.com/undertow-io/undertow/-/commit/99348adc40c7e33f35f3c167db1a14081a012322, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/74, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/107, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/111
There exists a security vulnerability in Undertow that can cause remote DoS attacks.
Servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter() or HttpServletRequest.getParts() may cause OutOfMemoryError when the client sends a multipart request with a part that has a very large content.
- causes
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- is incorporated by
-
WFCORE-6555 CVE-2023-3223 Upgrade Undertow to 2.3.9.Final
-
- Resolved
-
- relates to
-
UNDERTOW-2319 Move io.undertow.multipart.minsize property to UndertowOptions
-
- Pull Request Sent
-