RSS   Vulnerabilities for 'Gwtupload'   RSS

2020-05-18
 
CVE-2020-13128

CWE-434
 

 
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service.

 
2020-02-28
 
CVE-2020-9447

CWE-79
 

 
The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename.

 


Copyright 2024, cxsecurity.com

 

Back to Top