CVE-2025-48976 - SmartClient Forums

You need to login (link above) before you can post. If you do not yet have an account, please register.

X

b2bidev

Registered Developer

Join Date: Sep 2024

Posts: 23
#1

CVE-2025-48976

Yesterday, 11:10

Hello

Our scans are reporting security vulnerability (CVE-2025-48976 ) in a commons-fileupload2-core-2.0.0-M1.jar which is part of smartclient.
Could you please share if smartclient is vulnerable ?

Thanks
Tags: None
Isomorphic

Administrator

Join Date: May 2006

Posts: 55368
#2

Yesterday, 11:16

That's a DOS - an attacker can put together an upload that causes the server to allocate lots of memory without the attacker having to send very much data.

You are only vulnerable if you allow multipart file uploads from untrusted users.

If that's a concern, the fixed library is backwards compatible.
Comment
b2bidev

Registered Developer

Join Date: Sep 2024

Posts: 23
#3

Yesterday, 14:18

Thanks for sharing.
Comment

Previous template Next

Working...

X