Description
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Remediation
References
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/security/cve/CVE-2023-3223
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4507
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:4920
https://security.netapp.com/advisory/ntap-20231027-0004/
https://access.redhat.com/errata/RHSA-2023:7247
Related Vulnerabilities
CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2023-32981 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-utility-steps
CVE-2017-5656 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2021-31407 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-17533 Vulnerability in maven package org.apache.accumulo:accumulo-core