Search for packages
| purl | pkg:maven/commons-fileupload/commons-fileupload@1.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2c6h-srga-aaap
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
Apache Commons FileUpload denial of service vulnerability |
Affected by 0 other vulnerabilities. |
|
VCID-hysp-vpze-aaaa
Aliases: CVE-2013-0248 GHSA-vm69-474v-7q2w |
/tmp directory used by default for uploaded files The default configuration of `javax.servlet.context.tempdir` in this package uses the `/tmp` directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. |
Affected by 6 other vulnerabilities. Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-01-17T02:29:02.807160+00:00 | GHSA Importer | Affected by | VCID-hysp-vpze-aaaa | None | 35.1.0 |
| 2024-09-17T22:40:39.577607+00:00 | GitLab Importer | Affected by | VCID-2c6h-srga-aaap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml | 34.0.1 |
| 2024-09-17T22:04:23.873520+00:00 | GHSA Importer | Affected by | VCID-hysp-vpze-aaaa | https://github.com/advisories/GHSA-vm69-474v-7q2w | 34.0.1 |
| 2024-01-03T18:03:03.492695+00:00 | GitLab Importer | Affected by | VCID-2c6h-srga-aaap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/commons-fileupload/commons-fileupload/CVE-2023-24998.yml | 34.0.0rc1 |
| 2024-01-03T17:39:09.598428+00:00 | GHSA Importer | Affected by | VCID-hysp-vpze-aaaa | https://github.com/advisories/GHSA-vm69-474v-7q2w | 34.0.0rc1 |