VYPR
Low severityNVD Advisory· Published Mar 15, 2013· Updated Jun 16, 2026

CVE-2013-0248

CVE-2013-0248

Description

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
commons-fileupload:commons-fileuploadMaven
>= 1.0, < 1.2.21.2.2

Affected products

7
  • cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.0, < 1.2.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.