Hello, my name is tkswifty. I found the issue in the latest code of the master branch here: https://github.com/spring-projects/spring-framework/blob/master/spring-web/src/main/java/org/springframework/web/multipart/support/StandardMultipartHttpServletRequest.java

I assume it applies to the latest 5.3.2 version. Spring Boot will use StandardServletMultipartResolver to deal with the multipart request. If Spring is running on a root privilege computer and if an attacker provides a filename like "../../../../../../../../../var/spool/cron/root", the parseRequest method will return "../../../../../../../../../var/spool/cron/root", which is an unreasonable file name. Then, if the application uses this filename, a critical path traversal issue can happen.

Comment From: rstoyanchev

It would be difficult to sanitize the original filename properly and so it is a risk to use for filenames on a different file system. Our recommendation is to avoid use of the original filename and save it for reference if necessary.

Comment From: rstoyanchev

BTW please keep in mind that if you suspect a vulnerability you should disclose it through the appropriate channel as indicated at the top of the issue template.
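The recommendation above (store under a server-chosen name and keep the original filename only for reference), shown as an added example that is not part of the issue thread and is not Spring's own code. It uses only the JDK (Java 16+ for the record); the class and method names, the temporary upload directory and the sample body are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.UUID;

public class SafeUploadDemo {

    /** Where the bytes were written, plus the client's name kept as metadata only. */
    record StoredUpload(Path storedAt, String originalFilenameForReference) {}

    /** True if resolving the client-supplied name under root would leave root. */
    static boolean escapesRoot(Path root, String clientName) {
        Path base = root.toAbsolutePath().normalize();
        return !base.resolve(clientName).normalize().startsWith(base);
    }

    /**
     * Stores the upload under a server-generated name. In a Spring controller the two
     * inputs would come from MultipartFile.getOriginalFilename() and getInputStream().
     */
    static StoredUpload store(Path root, String originalFilename, InputStream content)
            throws IOException {
        Path base = root.toAbsolutePath().normalize();
        // The on-disk name never contains client-controlled characters.
        Path target = base.resolve(UUID.randomUUID().toString()).normalize();
        if (!target.startsWith(base)) { // defence in depth; cannot fire for a UUID name
            throw new IOException("refusing to write outside " + base);
        }
        Files.copy(content, target); // throws if the target already exists
        return new StoredUpload(target, originalFilename);
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads"); // constructed upload directory
        String name = "../../../../../../../../../var/spool/cron/root"; // filename from the report
        InputStream body = new ByteArrayInputStream(
                "constructed sample body".getBytes(StandardCharsets.UTF_8));

        System.out.println("client name escapes root: " + escapesRoot(root, name));
        StoredUpload saved = store(root, name, body);
        System.out.println("stored at: " + saved.storedAt());
        System.out.println("kept as metadata only: " + saved.originalFilenameForReference());
    }
}
```

If the original name is later shown to users or written to a database, treat it as untrusted text there as well; it is never passed to a file API.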