VulnerableCode Package Details - pkg:deb/debian/libcommons-fileupload-java@1.4-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/libcommons-fileupload-java@1.4-1

purl	pkg:deb/debian/libcommons-fileupload-java@1.4-1

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-2x6a-3gh1-rkhs Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	1.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-56jv-htmt-rkew Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c	Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.	1.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:49:54.295586+00:00	Debian Oval Importer	Affected by	VCID-56jv-htmt-rkew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:25:15.408813+00:00	Debian Oval Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:24:21.310011+00:00	Debian Oval Importer	Affected by	VCID-56jv-htmt-rkew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:11:37.901587+00:00	Debian Oval Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:57:31.315860+00:00	Debian Oval Importer	Affected by	VCID-56jv-htmt-rkew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:00:37.350551+00:00	Debian Oval Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0