    CVE-2025-48976

    Hello

    Our scans are reporting a security vulnerability (CVE-2025-48976) in commons-fileupload2-core-2.0.0-M1.jar, which is part of smartclient.
    Could you please share whether smartclient is vulnerable?

    Thanks

    #2
    That's a DoS - an attacker can put together an upload that causes the server to allocate lots of memory without the attacker having to send very much data.

    You are only vulnerable if you allow multipart file uploads from untrusted users.

    If that's a concern, the fixed library is backwards compatible.

      #3
      Thanks for sharing.

        #4
        CVE-2025-48976 is only relevant if multipart uploads from untrusted users are accepted by your smartclient application.

        Otherwise, there is no problem. Dropping in the patched commons-fileupload2 will not harm you and is backward compatible if you want to be safe.
