VulnerableCode Package Details - pkg:maven/commons-fileupload/commons-fileupload@1.3.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-2x6a-3gh1-rkhs Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	1.6.0 Affected by 0 other vulnerabilities.
VCID-56jv-htmt-rkew Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c	Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.	1.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2x6a-3gh1-rkhs
Aliases:
CVE-2025-48976
GHSA-vv7r-c36w-3prj

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

1.6.0
Affected by 0 other vulnerabilities.

VCID-56jv-htmt-rkew
Aliases:
CVE-2023-24998
GHSA-hfrx-6qgj-fp6c

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

1.5
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-d571-6zkc-jfdy	Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution	CVE-2016-1000031 GHSA-7x9j-7223-rg5m

Vulnerability

Summary

Aliases

VCID-d571-6zkc-jfdy

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

CVE-2016-1000031
GHSA-7x9j-7223-rg5m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:31:09.934524+00:00	GitLab Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml	38.4.0
2026-04-16T22:22:26.925328+00:00	GitLab Importer	Affected by	VCID-56jv-htmt-rkew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml	38.4.0
2026-04-16T20:34:46.687813+00:00	GitLab Importer	Fixing	VCID-d571-6zkc-jfdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2016-1000031.yml	38.4.0
2026-04-16T01:26:20.927434+00:00	GHSA Importer	Fixing	VCID-d571-6zkc-jfdy	https://github.com/advisories/GHSA-7x9j-7223-rg5m	38.4.0
2026-04-12T00:50:56.884205+00:00	GitLab Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml	38.3.0
2026-04-11T23:40:34.566671+00:00	GitLab Importer	Affected by	VCID-56jv-htmt-rkew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml	38.3.0
2026-04-11T21:45:17.135486+00:00	GitLab Importer	Fixing	VCID-d571-6zkc-jfdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2016-1000031.yml	38.3.0
2026-04-11T12:55:39.592537+00:00	GHSA Importer	Fixing	VCID-d571-6zkc-jfdy	https://github.com/advisories/GHSA-7x9j-7223-rg5m	38.3.0
2026-04-03T00:59:00.571792+00:00	GitLab Importer	Affected by	VCID-2x6a-3gh1-rkhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml	38.1.0
2026-04-02T23:44:37.567759+00:00	GitLab Importer	Affected by	VCID-56jv-htmt-rkew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml	38.1.0
2026-04-02T21:59:19.074305+00:00	GitLab Importer	Fixing	VCID-d571-6zkc-jfdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2016-1000031.yml	38.1.0
2026-04-02T13:48:10.162102+00:00	GHSA Importer	Fixing	VCID-d571-6zkc-jfdy	https://github.com/advisories/GHSA-7x9j-7223-rg5m	38.1.0
2026-04-01T18:07:38.052478+00:00	GitLab Importer	Affected by	VCID-56jv-htmt-rkew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml	38.0.0
2026-04-01T15:57:10.352362+00:00	GHSA Importer	Fixing	VCID-d571-6zkc-jfdy	https://github.com/advisories/GHSA-7x9j-7223-rg5m	38.0.0
2026-04-01T13:03:47.444508+00:00	GithubOSV Importer	Fixing	VCID-d571-6zkc-jfdy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-7x9j-7223-rg5m/GHSA-7x9j-7223-rg5m.json	38.0.0
2026-04-01T12:47:06.610975+00:00	GitLab Importer	Fixing	VCID-d571-6zkc-jfdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2016-1000031.yml	38.0.0