Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/commons-fileupload/commons-fileupload@1.5
purl pkg:maven/commons-fileupload/commons-fileupload@1.5
Next non-vulnerable version 1.6.0
Latest non-vulnerable version 1.6.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-2x6a-3gh1-rkhs
Aliases:
CVE-2025-48976
GHSA-vv7r-c36w-3prj
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
1.6.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-56jv-htmt-rkew Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. CVE-2023-24998
GHSA-hfrx-6qgj-fp6c

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:31:09.941361+00:00 GitLab Importer Affected by VCID-2x6a-3gh1-rkhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml 38.4.0
2026-04-16T22:22:26.932314+00:00 GitLab Importer Fixing VCID-56jv-htmt-rkew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml 38.4.0
2026-04-12T00:50:56.891325+00:00 GitLab Importer Affected by VCID-2x6a-3gh1-rkhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml 38.3.0
2026-04-11T23:40:34.574132+00:00 GitLab Importer Fixing VCID-56jv-htmt-rkew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml 38.3.0
2026-04-03T00:59:00.579256+00:00 GitLab Importer Affected by VCID-2x6a-3gh1-rkhs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2025-48976.yml 38.1.0
2026-04-02T23:44:37.574516+00:00 GitLab Importer Fixing VCID-56jv-htmt-rkew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml 38.1.0
2026-04-02T16:58:59.153988+00:00 GHSA Importer Fixing VCID-56jv-htmt-rkew https://github.com/advisories/GHSA-hfrx-6qgj-fp6c 38.1.0
2026-04-01T12:58:21.766591+00:00 GithubOSV Importer Fixing VCID-56jv-htmt-rkew https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-hfrx-6qgj-fp6c/GHSA-hfrx-6qgj-fp6c.json 38.0.0
2026-04-01T12:50:55.343391+00:00 GitLab Importer Fixing VCID-56jv-htmt-rkew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml 38.0.0