Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreA Spring MVC or Spring WebFlux application that handles file uploads is vulnerable to DoS attack if it relies on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Spring Framework:
| Fix version | Availability |
|---|---|
| 5.3.20 | OSS |
| 5.2.22 | OSS |
No further mitigation steps are necessary.
This vulnerability was responsibly reported to VMware by Rob Ryan from Adobe Inc. Related variations were also reported by WeBin Lab of Dbappsecurity and by Vivek Sharm from Arcesium.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy