Information on source package libcommons-fileupload-java

Available versions

Release	Version
jessie	1.3.1-1+deb8u1
stretch	1.3.2-2
buster	1.3.3-1
bullseye	1.4-1
bookworm	1.4-2
trixie	1.5-1
sid	1.5-1

Open issues

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2023-24998	vulnerable	vulnerable (no DSA, ignored)	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	fixed	Apache Commons FileUpload before 1.5 does not limit the number of requ ...

Open unimportant issues

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2016-1000031	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...

Resolved issues

Bug	Description
CVE-2016-3092	The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ...
CVE-2014-0050	MultipartStream.java in Apache Commons FileUpload before 1.3.1, as use ...
CVE-2013-2186	The DiskFileItem class in Apache Commons FileUpload, as used in Red Ha ...
CVE-2013-0248	The default configuration of javax.servlet.context.tempdir in Apache C ...

Security announcements

DSA / DLA	Description
DSA-3611-1	libcommons-fileupload-java - security update
DLA-528-1	libcommons-fileupload-java - security update
DSA-2856-1	libcommons-fileupload-java - security update
DSA-2827-1	libcommons-fileupload-java - arbitrary file upload via deserialization