Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libcommons-fileupload-java@1.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/libcommons-fileupload-java@1.4-1%2Bdeb11u1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-2x6a-3gh1-rkhs Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. CVE-2025-48976
GHSA-vv7r-c36w-3prj
VCID-56jv-htmt-rkew Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. CVE-2023-24998
GHSA-hfrx-6qgj-fp6c

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:49:26.074726+00:00 Debian Importer Fixing VCID-56jv-htmt-rkew https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:04:05.623228+00:00 Debian Importer Fixing VCID-56jv-htmt-rkew https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:28:34.953896+00:00 Debian Importer Fixing VCID-2x6a-3gh1-rkhs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:34.905935+00:00 Debian Importer Fixing VCID-56jv-htmt-rkew https://security-tracker.debian.org/tracker/data/json 38.1.0