VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2xqq-rzns-r7gz

Essentials
Severities (35)
References (13)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2xqq-rzns-r7gz
Aliases	CVE-2013-0248 GHSA-vm69-474v-7q2w
Summary	Incorrect Default Permissions in Apache Commons FileUpload The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-276	Incorrect Default Permissions
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-552	Files or Directories Accessible to External Parties

System	Score	Found at
generic_textual	LOW	http://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html
generic_textual	LOW	http://marc.info/?l=bugtraq&m=144050155601375&w=2
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00052	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2013-0248
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-vm69-474v-7q2w
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2013-0248
generic_textual	LOW	https://security.gentoo.org/glsa/202107-39
generic_textual	LOW	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual	LOW	http://www.osvdb.org/90906

Reference id	Reference type	URL
		http://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html
		http://mail-archives.apache.org/mod_mbox/commons-user/201303.mbox/%3C51371C31.8020805@apache.org%3E
		http://marc.info/?l=bugtraq&m=144050155601375&w=2
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0248.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-0248
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0248
		https://nvd.nist.gov/vuln/detail/CVE-2013-0248
		https://security.gentoo.org/glsa/202107-39
		http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
		http://www.osvdb.org/90906
922146		https://bugzilla.redhat.com/show_bug.cgi?id=922146
CVE-2013-0248		https://bugzilla.redhat.com/CVE-2013-0248
GHSA-vm69-474v-7q2w		https://github.com/advisories/GHSA-vm69-474v-7q2w

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.16173
EPSS Score	0.00052
Published At	Aug. 3, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:06:09.255703+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vm69-474v-7q2w/GHSA-vm69-474v-7q2w.json	37.0.0