CVE-2017-5638: Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.
The Jakarta Multipart parser in Apache Struts 2 (2.3.x before 2.3.32 and 2.5.x before 2.5.10.1) has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. The parser copies the offending header value into the error message it builds, and that message is then evaluated as an OGNL expression, so the attacker does not need a successful upload: a single request carrying the crafted header is enough to run the expression on the server.
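The practical defence while patching is to refuse the request before the multipart parser ever sees the header: allow only a well-formed `multipart/form-data` Content-Type, a decimal Content-Length, and no OGNL expression syntax in any of the three headers the advisory names. The following is an added example of that check written as a request classifier, not code from GitLab or from the Apache Struts project; the sample requests are constructed for illustration, the marker list (`%{`, `${`, `#_memberAccess`, `@ognl.`, `#context`, `.(#`) is an illustrative set of OGNL syntax fragments rather than an exhaustive signature, and the strict boundary grammar follows RFC 2046.

```python
import re
from typing import Dict, List

# Constructed sample requests for illustration only; none are real captures.
# Request 1 is a normal upload; 2 and 3 carry OGNL expression syntax in the
# headers the advisory names; 4 has a malformed boundary; 5 has a bogus length.
SAMPLE_REQUESTS: List[Dict] = [
    {"id": 1, "headers": {"Content-Type": "multipart/form-data; boundary=----FormBoundary7MA4YWxk",
                          "Content-Length": "512"}},
    {"id": 2, "headers": {"Content-Type": "%{(#_='multipart/form-data').(#x=1)}",
                          "Content-Length": "0"}},
    {"id": 3, "headers": {"Content-Type": "multipart/form-data; boundary=abc",
                          "Content-Disposition": 'form-data; name="f"; filename="${#context}"',
                          "Content-Length": "300"}},
    {"id": 4, "headers": {"Content-Type": "multipart/form-data; boundary={not}allowed",
                          "Content-Length": "12"}},
    {"id": 5, "headers": {"Content-Type": "application/x-www-form-urlencoded",
                          "Content-Length": "abc"}},
]

# The three headers CVE-2017-5638 is reachable through.
HEADERS_OF_INTEREST = ("Content-Type", "Content-Disposition", "Content-Length")

# Illustrative OGNL syntax fragments (assumption: not a complete signature set).
OGNL_MARKERS = re.compile(r"%\{|\$\{|#_memberAccess|@ognl\.|#context\b|\.\(\s*#")

# RFC 2046 boundary characters; 1..70 chars, last one not a space.
_BCHAR = r"0-9A-Za-z'()+_,\-./:=?"
MULTIPART_CT = re.compile(
    r"multipart/form-data\s*;\s*boundary=\"?[" + _BCHAR + r" ]{0,69}[" + _BCHAR + r"]\"?",
    re.IGNORECASE,
)
CONTENT_LENGTH = re.compile(r"[0-9]{1,19}")


def classify(request: Dict) -> Dict:
    """Return allow/block for one request plus the reasons for blocking.

    Order of checks: OGNL syntax in any header of interest, then strict
    multipart Content-Type grammar, then a purely numeric Content-Length.
    """
    reasons: List[str] = []
    headers = {k.lower(): v for k, v in request["headers"].items()}

    for name in HEADERS_OF_INTEREST:
        value = headers.get(name.lower())
        if value is None:
            continue
        for m in OGNL_MARKERS.finditer(value):
            reasons.append(f"{name}: OGNL marker {m.group(0)!r}")

    # Deliberately strict allow-list: a multipart request must look exactly
    # like "multipart/form-data; boundary=<bchars>", nothing else.
    ct = headers.get("content-type")
    if ct is not None and ct.lower().startswith("multipart/") and not MULTIPART_CT.fullmatch(ct):
        reasons.append("Content-Type: multipart/form-data not well-formed")

    cl = headers.get("content-length")
    if cl is not None and not CONTENT_LENGTH.fullmatch(cl):
        reasons.append("Content-Length: not a decimal integer")

    return {"id": request["id"], "verdict": "block" if reasons else "allow", "reasons": reasons}


def blocked_ids(requests: List[Dict]) -> List[int]:
    """Ids of all requests the filter would reject, in input order."""
    return [r["id"] for r in requests if classify(r)["verdict"] == "block"]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        result = classify(req)
        print(req["id"], result["verdict"], "; ".join(result["reasons"]))
```

The allow-list is intentionally narrow: a Content-Type with extra parameters (for example a `charset`) is rejected rather than parsed, because the point of the check is to keep anything unexpected away from the vulnerable parser until the Struts upgrade is deployed. The marker scan is the detection half and can be run over proxy or access logs on its own; on its own it will miss obfuscated expressions, which is why the grammar check, not the signature list, carries the mitigation.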
Detect and mitigate CVE-2017-5638 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.