Uploaded image for project: 'mod-data-export-spring'
  1. mod-data-export-spring
  2. MODEXPS-51

Limit file upload size

    XMLWordPrintable

Details

    • Story
    • Status: Closed (View Workflow)
    • P3
    • Resolution: Duplicate
    • None
    • None
    • Firebird

    Description

      Coming from the investigation of possible file upload vulnerabilities within FOLIO-3317 mod-data-export has been found to take use of RMB stream upload feature, which in case of mod-invoice could've been used to make a module unusable (see MODINVOICE-124).

      So this story is intented to consider if a limited upload size need to be implemented to "prevent a potential denial of service (DoS) attack in which a threat actor can fill up disk space".

      TestRail: Results

        Attachments

          Issue Links

            relates to

            Task - A task that needs to be done. FOLIO-3317 Spike - investigate possible file upload vulnerability

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Open
            mentioned in

            Page Loading...

            Activity

              People

                Unassigned Unassigned
                Axel Axel Dörrer
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases