VulnerableCode Package Details - pkg:deb/debian/libcommons-fileupload-java@1.3.1-1%2Bdeb8u1

Search for packages

Package details: pkg:deb/debian/libcommons-fileupload-java@1.3.1-1%2Bdeb8u1

Essentials
History (4)

purl	pkg:deb/debian/libcommons-fileupload-java@1.3.1-1%2Bdeb8u1

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-8sa7-2dgp-t7gv Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	1.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-pqmr-zjbb-8fhv Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c	Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.	1.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yvgh-9bh8-c7f5 Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq		1.3.2-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-yvgh-9bh8-c7f5		CVE-2016-3092 GHSA-fvm3-cfvj-gxqq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:08:34.907041+00:00	Debian Oval Importer	Affected by	VCID-pqmr-zjbb-8fhv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:14.699836+00:00	Debian Oval Importer	Affected by	VCID-8sa7-2dgp-t7gv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:12:48.970829+00:00	Debian Oval Importer	Affected by	VCID-yvgh-9bh8-c7f5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T09:54:48.010099+00:00	Debian Oval Importer	Fixing	VCID-yvgh-9bh8-c7f5	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	37.0.0