Search for packages
| purl | pkg:maven/commons-fileupload/commons-fileupload@1.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2xqq-rzns-r7gz
Aliases: CVE-2013-0248 GHSA-vm69-474v-7q2w |
Incorrect Default Permissions in Apache Commons FileUpload The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. |
Affected by 7 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-8sa7-2dgp-t7gv
Aliases: CVE-2025-48976 GHSA-vv7r-c36w-3prj |
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-gb8p-hr5j-yqav
Aliases: CVE-2014-0050 GHSA-xx68-jfcg-xmmf |
Affected by 4 other vulnerabilities. |
|
|
VCID-m7cq-z316-b7gp
Aliases: CVE-2016-1000031 GHSA-7x9j-7223-rg5m |
Affected by 2 other vulnerabilities. |
|
|
VCID-pqmr-zjbb-8fhv
Aliases: CVE-2023-24998 GHSA-hfrx-6qgj-fp6c |
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. |
Affected by 1 other vulnerability. |
|
VCID-tkcj-p17z-6fe3
Aliases: CVE-2013-2186 GHSA-qx6h-9567-5fqw |
Affected by 4 other vulnerabilities. |
|
|
VCID-yvgh-9bh8-c7f5
Aliases: CVE-2016-3092 GHSA-fvm3-cfvj-gxqq |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||