Commons Fileupload
by Apache
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1000031 | Cri | 0.68 | 9.8 | 0.56 | | Oct 25, 2016 | Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution |
| CVE-2014-0050 | | 0.03 | — | 0.93 | | Apr 1, 2014 | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. |
| CVE-2013-0248 | | 0.00 | — | 0.00 | | Mar 15, 2013 | The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. |