VulnerableCode Package Details - pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb6u2

Search for packages

Package details: pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb6u2

Essentials
History (9)

purl	pkg:deb/debian/libcommons-fileupload-java@1.2.2-1%2Bdeb6u2

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-2xqq-rzns-r7gz Aliases: CVE-2013-0248 GHSA-vm69-474v-7q2w	Incorrect Default Permissions in Apache Commons FileUpload The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.	1.3.1-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8sa7-2dgp-t7gv Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.	1.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gb8p-hr5j-yqav Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf		1.2.2-1+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3.1-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pqmr-zjbb-8fhv Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c	Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.	1.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-tkcj-p17z-6fe3 Aliases: CVE-2013-2186 GHSA-qx6h-9567-5fqw		1.2.2-1+deb7u2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3.1-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yvgh-9bh8-c7f5 Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq		1.3.1-1+deb8u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.3.2-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:08:34.892331+00:00	Debian Oval Importer	Affected by	VCID-pqmr-zjbb-8fhv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:33:29.352097+00:00	Debian Oval Importer	Affected by	VCID-tkcj-p17z-6fe3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:13:19.389379+00:00	Debian Oval Importer	Affected by	VCID-2xqq-rzns-r7gz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:14.685116+00:00	Debian Oval Importer	Affected by	VCID-8sa7-2dgp-t7gv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:15:06.907892+00:00	Debian Oval Importer	Affected by	VCID-gb8p-hr5j-yqav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:12:48.957863+00:00	Debian Oval Importer	Affected by	VCID-yvgh-9bh8-c7f5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T09:54:47.990072+00:00	Debian Oval Importer	Affected by	VCID-yvgh-9bh8-c7f5	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	37.0.0
2025-08-01T09:39:58.167034+00:00	Debian Oval Importer	Affected by	VCID-gb8p-hr5j-yqav	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:27:20.906423+00:00	Debian Oval Importer	Affected by	VCID-tkcj-p17z-6fe3	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0