|Requires Admin Access:||No|
|Fix Version:||22.10+, LTS 21.06.12+, LTS 22.03.4+|
|Credit:||Fortinet / Thanh Nguyen Nguyen|
It is possible to call the TempFileResource multiple times, each time requesting the dotCMS server to download a large file. If done enough repeatedly, this will result in the Tomcat Request Thread pool to be exhausted and ultimately a denial of any other requests.
This vulnerability was introduced in dotCMS version 5.2.0. Users of versions before that are not affected by this vulnerability report.