MEDIUM 6.5

GHSA-5843-p793-ghmm

Spring Framework DoS with Multipart Temp Files in WebFlux

Details

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, these temp files may not be deleted after the request is fully processed. This allows an attacker to consume available disk space.

Older, unsupported versions are also affected.


Affected packages

Maven / org.springframework:spring-webflux
Introduced in: 7.0.0 Fixed in: 7.0.7
Fix: in pom.xml, bump org.springframework:spring-webflux to <version>7.0.7</version>
Maven / org.springframework:spring-webflux
Introduced in: 6.2.0 Fixed in: 6.2.18
Fix: in pom.xml, bump org.springframework:spring-webflux to <version>6.2.18</version>
Maven / org.springframework:spring-webflux
Introduced in: 6.1.0

No fixed version published yet for org.springframework:spring-webflux (maven). Pin to a known-safe version or switch to an alternative.

Maven / org.springframework:spring-webflux
Introduced in: 0

No fixed version published yet for org.springframework:spring-webflux (maven). Pin to a known-safe version or switch to an alternative.
