VYPR

rpm package

opensuse/apache-commons-fileupload&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/apache-commons-fileupload&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2025-48976Jun 16, 2025
    affected < 1.6.0-1.1fixed 1.6.0-1.1

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or

  • CVE-2023-24998Feb 20, 2023
    affected < 1.5-1.1fixed 1.5-1.1

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur

  • CVE-2014-0050Apr 1, 2014
    affected < 1.4-1.9fixed 1.4-1.9

    MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit

  • CVE-2013-2186Oct 28, 2013
    affected < 1.4-1.9fixed 1.4-1.9

    The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.