Vulnerability	Vulnerable Version
H Incomplete Cleanup org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Incomplete Cleanup via multipart request handling in WebFlux. An attacker can exhaust disk space by sending multipart requests with large parts that trigger creation of temporary files, which under certain conditions are not deleted after the request completes, leading to accumulation of temp files and denial of service. How to fix Incomplete Cleanup? Upgrade `org.springframework:spring-web` to version 6.2.18, 7.0.7 or higher.	[,6.2.18)[7.0.0-M1,7.0.7)

Incomplete Cleanup

org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.

Affected versions of this package are vulnerable to Incomplete Cleanup via multipart request handling in WebFlux. An attacker can exhaust disk space by sending multipart requests with large parts that trigger creation of temporary files, which under certain conditions are not deleted after the request completes, leading to accumulation of temp files and denial of service.

How to fix Incomplete Cleanup?

Upgrade org.springframework:spring-web to version 6.2.18, 7.0.7 or higher.

[,6.2.18)[7.0.0-M1,7.0.7)

Go back to all versions of this package