CVE-2023-24998 FileUpload DoS. Analysis of vulnerability

Description

https://nvd.nist.gov/vuln/detail/CVE-2023-24998 - commons-fileupload:commons-fileupload Denial of Service (DoS)
Severity: High
Modules impacted:

mod-calendar Bama
mod-notes Spitfire
mod-entities-links Spitfire
mod-search Spitfire
mod-password-validator Volaris
mod-tags Volaris
edge-dematic Volaris
edge-caiasoft Volaris
mod-remote-storage Volaris 


Activity

Craig McNally, November 9, 2023 at 4:15 PM

The affected modules are not affected by this vulnerability.

Julian Ladisch, November 8, 2023 at 11:04 AM

edge-fqm also has this vulnerable dependency but doesn't use file uploads and therefore is also not affected.

Julian Ladisch, November 2, 2023 at 12:15 PM

All these nine modules don't use file uploads and therefore are not affected. The CVE-2023-24998 FileUpload DoS issues have been suppressed in Snyk.

Won't Do

Details

RCA Group

TBD

Created November 1, 2023 at 8:54 PM
Updated May 3, 2024 at 9:09 AM
Resolved November 9, 2023 at 4:15 PM