VulnerableCode Package Details - pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb7u2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb7u2

purl	pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb7u2

Next non-vulnerable version	1.3.1-1+deb8u1
Latest non-vulnerable version	1.3.1-1+deb8u1
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-qthw-u9bp-zkdp Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq	Denial of Service The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.	1.3.1-1+deb8u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-3txt-1psa-5kf5	Denial of service `MultipartStream.java` in this package allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted `Content-Type` header that bypasses a loop's intended exit conditions.	CVE-2014-0050 GHSA-xx68-jfcg-xmmf
VCID-f2vg-xm25-ekd1	Arbitrary file upload via deserialization The DiskFileItem class in this package allows remote attackers to write to arbitrary files via a `NULL` byte in a file name in a serialized instance.	CVE-2013-2186 GHSA-qx6h-9567-5fqw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:42:57.529774+00:00	Debian Oval Importer	Affected by	VCID-qthw-u9bp-zkdp	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.6.0
2026-06-04T20:26:45.308497+00:00	Debian Oval Importer	Fixing	VCID-3txt-1psa-5kf5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.6.0
2026-06-04T20:12:53.040691+00:00	Debian Oval Importer	Fixing	VCID-f2vg-xm25-ekd1	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	38.6.0