VulnerableCode Package Details - pkg:deb/debian/libcommons-fileupload-java@1.4-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-2x6a-3gh1-rkhs Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2x6a-3gh1-rkhs
Aliases:
CVE-2025-48976
GHSA-vv7r-c36w-3prj

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-2x6a-3gh1-rkhs	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	CVE-2025-48976 GHSA-vv7r-c36w-3prj
VCID-56jv-htmt-rkew	Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.	CVE-2023-24998 GHSA-hfrx-6qgj-fp6c

Vulnerability

Summary

Aliases

VCID-2x6a-3gh1-rkhs

CVE-2025-48976
GHSA-vv7r-c36w-3prj

VCID-56jv-htmt-rkew

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

CVE-2023-24998
GHSA-hfrx-6qgj-fp6c

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:56:28.853752+00:00	Debian Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T23:49:54.299389+00:00	Debian Oval Importer	Fixing	VCID-56jv-htmt-rkew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:25:15.412094+00:00	Debian Oval Importer	Fixing	VCID-2x6a-3gh1-rkhs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T07:25:09.031371+00:00	Debian Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T23:24:21.313474+00:00	Debian Oval Importer	Fixing	VCID-56jv-htmt-rkew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:11:37.905879+00:00	Debian Oval Importer	Fixing	VCID-2x6a-3gh1-rkhs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:57:31.319882+00:00	Debian Oval Importer	Fixing	VCID-56jv-htmt-rkew	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:55:50.898930+00:00	Debian Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T17:00:37.356175+00:00	Debian Oval Importer	Fixing	VCID-2x6a-3gh1-rkhs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0