Description
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service.
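The following added example (not code from GWTUpload or from the referenced write-up) contrasts the pattern described above, where the request decides how long the worker thread sleeps, with a variant that validates the value and clamps it to a server-side ceiling. The class name, method names, the 50 ms ceiling and the sample values are assumptions made for illustration; only the "delay" parameter name comes from the description.

```java
import java.util.Map;

// Added illustration: all identifiers here are hypothetical, not GWTUpload's.
public class DelayParamDemo {
    // Assumed server-side ceiling; the client cannot raise it.
    static final long MAX_DELAY_MS = 50;

    // Pattern from the description: the value is passed through unchanged,
    // so the caller of Thread.sleep() sleeps for as long as the client asks.
    static long unboundedDelay(Map<String, String> params) {
        String raw = params.get("delay");
        return raw == null ? 0 : Long.parseLong(raw);
    }

    // Hardened variant: non-numeric input yields 0, everything else is
    // clamped to the range [0, MAX_DELAY_MS] before it can reach sleep().
    static long boundedDelay(Map<String, String> params) {
        String raw = params.get("delay");
        if (raw == null) {
            return 0;
        }
        try {
            long requested = Long.parseLong(raw.trim());
            return Math.max(0, Math.min(requested, MAX_DELAY_MS));
        } catch (NumberFormatException e) {
            return 0;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the "delay" request parameter.
        for (String raw : new String[] {"10", "3600000", "-5", "abc"}) {
            Map<String, String> params = Map.of("delay", raw);
            String before;
            try {
                before = unboundedDelay(params) + " ms";
            } catch (NumberFormatException e) {
                before = "unhandled NumberFormatException";
            }
            System.out.println("delay=" + raw + "  unbounded: " + before
                    + "  bounded: " + boundedDelay(params) + " ms");
        }
    }
}
```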
Remediation
References
https://logicaltrust.net/blog/2020/02/gwt-upload.html
https://github.com/manolo/gwtupload/issues/33
Related Vulnerabilities
CVE-2021-27292 Vulnerability in npm package ua-parser-js
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow
CVE-2019-9153 Vulnerability in npm package openpgp
CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter
CVE-2020-7788 Vulnerability in maven package org.webjars.npm:ini