Release | Version |
---|---|
jessie | 1.3.1-1+deb8u1 |
stretch | 1.3.2-2 |
buster | 1.3.3-1 |
bullseye | 1.4-1 |
bookworm | 1.4-2 |
trixie | 1.5-1 |
sid | 1.5-1 |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2023-24998 | vulnerable | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Apache Commons FileUpload before 1.5 does not limit the number of requ ... |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2016-1000031 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ... |
Bug | Description |
---|---|
CVE-2016-3092 | The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ... |
CVE-2014-0050 | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as use ... |
CVE-2013-2186 | The DiskFileItem class in Apache Commons FileUpload, as used in Red Ha ... |
CVE-2013-0248 | The default configuration of javax.servlet.context.tempdir in Apache C ... |
DSA / DLA | Description |
---|---|
DSA-3611-1 | libcommons-fileupload-java - security update |
DLA-528-1 | libcommons-fileupload-java - security update |
DSA-2856-1 | libcommons-fileupload-java - security update |
DSA-2827-1 | libcommons-fileupload-java - arbitrary file upload via deserialization |