Using the SOAP API to add attachments to issues can cause JIRA to throw an OutOfMemoryError. This can cause JIRA to become unresponsive and could be used in a denial of service attack, which is especially bad in a multi tenant world.

This happens when using the addAttachmentsToIssue (now deprecated) with small files (~1MB), and also when using addBase64EncodedAttachmentsToIssue with large files (~100MB).

The SOAP API implementation should detect attachments that are larger than a certain size and reject the request if the size is exceeded.