commons-fileupload:commons-fileupload@1.0 vulnerabilities

commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends a large number of request parts in a series of uploads or a single multipart upload.

NOTE: After upgrading to the fixed version, the setFileCountMax() must be explicitly set to avoid this vulnerability.

Upgrade commons-fileupload:commons-fileupload to version 1.5 or higher.

commons-fileupload:commons-fileupload provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of the package are vulnerable to Information Disclosure because the InputStream is not closed on exception.

Upgrade commons-fileupload to version 1.3.2 or higher.

commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of this package are vulnerable to Time of Check Time of Use (TOCTOU) if the attacker has write access to the /tmp directory.

Upgrade commons-fileupload:commons-fileupload to version 1.3 or higher.

commons-fileupload:commons-fileupload Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. An attacker may send a specially crafted Content-Type header that bypasses a loop's intended exit conditions, causing an infinite loop and high CPU consumption.

commons-fileupload:commons-fileupload Affected versions of this package are vulnerable to Arbitrary File Write.