CVE-2020-13128: Unrestricted Upload of File with Dangerous Type
An issue was discovered in GWTUpload: server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server’s threads to sleep, leading to denial of service.
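One way to shield a deployment until the library itself is updated is to hide the parameter from the servlet. The following is an added example, not GWTUpload code: the class name `StripDelayParamFilter` is hypothetical, the parameter is assumed to be named literally `delay`, and the servlet is assumed to read it through the `javax.servlet` (3.0+) `getParameter` family.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical filter: hides the client-supplied "delay" parameter from the upload servlet. */
public class StripDelayParamFilter implements Filter {
    // Assumption: the parameter name is taken literally from the advisory text.
    private static final String BLOCKED = "delay";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            req = new NoDelayRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    /** Request view in which the blocked parameter does not exist. */
    static final class NoDelayRequest extends HttpServletRequestWrapper {
        NoDelayRequest(HttpServletRequest r) { super(r); }

        @Override public String getParameter(String name) {
            return BLOCKED.equals(name) ? null : super.getParameter(name);
        }
        @Override public String[] getParameterValues(String name) {
            return BLOCKED.equals(name) ? null : super.getParameterValues(name);
        }
        @Override public Map<String, String[]> getParameterMap() {
            // Copy first: the container's map is immutable.
            Map<String, String[]> m = new HashMap<>(super.getParameterMap());
            m.remove(BLOCKED);
            return Collections.unmodifiableMap(m);
        }
        @Override public Enumeration<String> getParameterNames() {
            return Collections.enumeration(getParameterMap().keySet());
        }
    }
}
```

Map the filter to the URL pattern of the upload servlet so it runs before the request reaches it. It does not cover code that parses the raw query string or multipart body itself.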
Detect and mitigate CVE-2020-13128 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.