Package details: pkg:maven/commons-fileupload/commons-fileupload@1-alpha0
purl pkg:maven/commons-fileupload/commons-fileupload@1-alpha0
Tags Ghost
Next non-vulnerable version 1.6.0
Latest non-vulnerable version 1.6.0
Risk 10.0
Vulnerabilities affecting this package (2)

Vulnerability: VCID-jc2q-ht2b-cfhx
Aliases: CVE-2013-2186, GHSA-qx6h-9567-5fqw
Summary: The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Fixed by: 1.3.1 (affected by 4 other vulnerabilities)

Vulnerability: VCID-kqjy-kvpx-kub8
Aliases: CVE-2013-0248, GHSA-vm69-474v-7q2w
Summary: /tmp directory used by default for uploaded files. The default configuration of `javax.servlet.context.tempdir` in this package uses the `/tmp` directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Fixed by: 1.2.2 (affected by 7 other vulnerabilities); 1.3 (affected by 6 other vulnerabilities)

Vulnerabilities fixed by this package (0)

This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-01T12:46:50.659504+00:00 | GitLab Importer | Affected by | VCID-jc2q-ht2b-cfhx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2013-2186.yml | 38.0.0
2026-04-01T12:46:48.701424+00:00 | GitLab Importer | Affected by | VCID-kqjy-kvpx-kub8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2013-0248.yml | 38.0.0