MEDIUM 6.5
GHSA-5843-p793-ghmm
Spring Framework DoS with Multipart Temp Files in WebFlux
Details
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space.
Older, unsupported versions are also affected.
Are you affected?
Enter the version of the package you're using.
Affected packages
Maven / org.springframework:spring-webflux
Introduced in:
7.0.0 Fixed in: 7.0.7 Fix
# pom.xml: bump <version>7.0.7</version> for org.springframework:spring-webflux Maven / org.springframework:spring-webflux
Introduced in:
6.2.0 Fixed in: 6.2.18 Fix
# pom.xml: bump <version>6.2.18</version> for org.springframework:spring-webflux Maven / org.springframework:spring-webflux
Introduced in:
6.1.0 No fixed version published yet for org.springframework:spring-webflux (maven). Pin to a known-safe version or switch to an alternative.
Maven / org.springframework:spring-webflux
Introduced in:
0 No fixed version published yet for org.springframework:spring-webflux (maven). Pin to a known-safe version or switch to an alternative.