Apache Commons FileUpload is vulnerable to Denial Of Service (DoS). The vulnerability exists because the default configuration doesn’t limit the number of request parts to be processed which allows an attacker to submit an upload with unlimited file parts, resulting in Denial of Service.
www.openwall.com/lists/oss-security/2023/05/22/1
commons.apache.org/proper/commons-fileupload/apidocs/org/apache/commons/fileupload/FileUploadBase.html#setFileCountMax-long-
commons.apache.org/proper/commons-fileupload/security-reports.html
github.com/advisories/GHSA-hfrx-6qgj-fp6c
github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17
lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
lists.debian.org/debian-lts-announce/2023/10/msg00020.html
security.gentoo.org/glsa/202305-37
www.debian.org/security/2023/dsa-5522