Search for packages
Package details: pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb7u2
purl pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb7u2
Next non-vulnerable version 1.3.2-2
Latest non-vulnerable version 1.4-2
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-hysp-vpze-aaaa
Aliases:
CVE-2013-0248
GHSA-vm69-474v-7q2w
/tmp directory used by default for uploaded files The default configuration of `javax.servlet.context.tempdir` in this package uses the `/tmp` directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
1.3.1-1
Affected by 1 other vulnerability.
VCID-qcms-zybq-aaap
Aliases:
CVE-2014-0050
GHSA-xx68-jfcg-xmmf
High severity vulnerability that affects commons-fileupload:commons-fileupload
1.3.1-1
Affected by 1 other vulnerability.
VCID-qmjs-369r-aaar
Aliases:
CVE-2016-3092
GHSA-fvm3-cfvj-gxqq
High severity vulnerability that affects commons-fileupload:commons-fileupload
1.3.1-1+deb8u1
Affected by 1 other vulnerability.
1.3.2-2
Affected by 0 other vulnerabilities.
VCID-yqy8-6qrt-aaaa
Aliases:
CVE-2013-2186
GHSA-qx6h-9567-5fqw
Arbitrary file upload via deserialization The DiskFileItem class in this package allows remote attackers to write to arbitrary files via a `NULL` byte in a file name in a serialized instance.
1.3.1-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-qcms-zybq-aaap High severity vulnerability that affects commons-fileupload:commons-fileupload CVE-2014-0050
GHSA-xx68-jfcg-xmmf
VCID-yqy8-6qrt-aaaa Arbitrary file upload via deserialization The DiskFileItem class in this package allows remote attackers to write to arbitrary files via a `NULL` byte in a file name in a serialized instance. CVE-2013-2186
GHSA-qx6h-9567-5fqw

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:10:48.171208+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:24:12.627249+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T14:16:44.984222+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:56:57.993183+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:28:32.820537+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:25:46.382167+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T09:33:00.676401+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:18:38.275063+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:06:09.834780+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T00:24:20.339345+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa None 36.1.3
2025-06-20T21:53:45.251821+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap None 36.1.3
2025-06-20T19:51:55.373537+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa None 36.1.3
2025-06-20T19:48:09.153096+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar None 36.1.3
2025-06-20T19:33:27.973845+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa None 36.1.3
2025-06-20T19:28:33.046618+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap None 36.1.3
2025-06-08T13:05:15.775450+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:39:42.961681+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:54:53.022424+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T07:10:06.675591+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:51:08.761942+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:22:35.769385+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:26:51.113062+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T03:21:29.217631+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:06:27.339978+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:53:18.669832+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-07T17:47:08.379478+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa None 36.1.0
2025-06-07T15:17:06.606112+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap None 36.1.0
2025-06-07T13:43:21.439504+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa None 36.1.0
2025-06-07T13:40:15.000816+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar None 36.1.0
2025-06-07T13:29:22.780781+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa None 36.1.0
2025-06-07T13:25:56.406034+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap None 36.1.0
2025-06-03T13:25:13.973547+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap None 36.1.2
2025-04-12T21:23:28.887119+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:52:47.018809+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:24:23.264767+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:37:26.273655+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T05:42:40.501458+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:23:36.717952+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:54:50.452704+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:58:04.275481+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T01:48:53.514004+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:33:41.170593+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:20:33.324204+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-07T16:23:34.760669+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa None 36.0.0
2025-04-07T13:48:37.597283+00:00 Debian Oval Importer Affected by VCID-qcms-zybq-aaap None 36.0.0
2025-04-07T12:18:38.969253+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa None 36.0.0
2025-04-07T12:15:36.456064+00:00 Debian Oval Importer Affected by VCID-qmjs-369r-aaar None 36.0.0
2025-04-07T12:04:51.039527+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa None 36.0.0
2025-04-07T12:01:27.351292+00:00 Debian Oval Importer Fixing VCID-qcms-zybq-aaap None 36.0.0
2024-11-29T15:13:07.140467+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-15T07:56:55.505811+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-15T07:56:54.777540+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.2
2024-10-14T21:53:35.765274+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-05T05:45:49.029571+00:00 Debian Oval Importer Affected by VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-10-05T05:45:48.336843+00:00 Debian Oval Importer Fixing VCID-yqy8-6qrt-aaaa https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.1
2024-09-21T12:42:38.766010+00:00 Debian Oval Importer Affected by VCID-hysp-vpze-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1