VulnerableCode Package Details - pkg:maven/commons-fileupload/commons-fileupload@1.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/commons-fileupload/commons-fileupload@1.0

Essentials
History (3)

purl	pkg:maven/commons-fileupload/commons-fileupload@1.0
Tags	Ghost

Next non-vulnerable version	1.6.0
Latest non-vulnerable version	1.6.0
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-2x6a-3gh1-rkhs Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	1.6.0 Affected by 0 other vulnerabilities.
VCID-kqjy-kvpx-kub8 Aliases: CVE-2013-0248 GHSA-vm69-474v-7q2w	/tmp directory used by default for uploaded files The default configuration of `javax.servlet.context.tempdir` in this package uses the `/tmp` directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.	1.2.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2x6a-3gh1-rkhs
Aliases:
CVE-2025-48976
GHSA-vv7r-c36w-3prj

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

1.6.0
Affected by 0 other vulnerabilities.

VCID-kqjy-kvpx-kub8
Aliases:
CVE-2013-0248
GHSA-vm69-474v-7q2w

/tmp directory used by default for uploaded files The default configuration of `javax.servlet.context.tempdir` in this package uses the `/tmp` directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

1.2.2
Affected by 7 other vulnerabilities.

1.3
Affected by 6 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T04:58:04.092054+00:00	GHSA Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://github.com/advisories/GHSA-vv7r-c36w-3prj	38.1.0
2026-04-02T12:41:35.533948+00:00	GitLab Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml	38.0.0
2026-04-01T16:00:45.535245+00:00	GHSA Importer	Affected by	VCID-kqjy-kvpx-kub8	https://github.com/advisories/GHSA-vm69-474v-7q2w	38.0.0