commons-fileupload:commons-fileupload 1.0-beta-1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the commons-fileupload:commons-fileupload package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Denial of Service (DoS) dsfsdf commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends a large number of request parts in a series of uploads or a single multipart upload. NOTE: After upgrading to the fixed version, the `setFileCountMax()` must be explicitly set to avoid this vulnerability. How to fix Denial of Service (DoS)? Upgrade `commons-fileupload:commons-fileupload` to version 1.5 or higher.	[1.0-beta-1,1.5)
M Information Exposure dsfsdf `commons-fileupload:commons-fileupload` provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of the package are vulnerable to Information Disclosure because the `InputStream` is not closed on exception. How to fix Information Exposure? Upgrade `commons-fileupload` to version 1.3.2 or higher.	[,1.3.2)
M Time of Check Time of Use (TOCTOU) dsfsdf commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of this package are vulnerable to Time of Check Time of Use (TOCTOU) if the attacker has write access to the /tmp directory. How to fix Time of Check Time of Use (TOCTOU)? Upgrade `commons-fileupload:commons-fileupload` to version 1.3 or higher.	[,1.3)
H Denial of Service (DoS) dsfsdf `commons-fileupload:commons-fileupload` Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. An attacker may send a specially crafted `Content-Type` header that bypasses a loop's intended exit conditions, causing an infinite loop and high CPU consumption.	[,1.3.1)
H Arbitrary File Write dsfsdf `commons-fileupload:commons-fileupload` Affected versions of this package are vulnerable to Arbitrary File Write.	[,1.3.1)

Vulnerability

Vulnerable Version

Denial of Service (DoS) dsfsdf

commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends a large number of request parts in a series of uploads or a single multipart upload.

NOTE: After upgrading to the fixed version, the setFileCountMax() must be explicitly set to avoid this vulnerability.

How to fix Denial of Service (DoS)?

Upgrade commons-fileupload:commons-fileupload to version 1.5 or higher.

[1.0-beta-1,1.5)

Information Exposure dsfsdf

commons-fileupload:commons-fileupload provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of the package are vulnerable to Information Disclosure because the InputStream is not closed on exception.

How to fix Information Exposure?

Upgrade commons-fileupload to version 1.3.2 or higher.

[,1.3.2)

Time of Check Time of Use (TOCTOU) dsfsdf

commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of this package are vulnerable to Time of Check Time of Use (TOCTOU) if the attacker has write access to the /tmp directory.

How to fix Time of Check Time of Use (TOCTOU)?

Upgrade commons-fileupload:commons-fileupload to version 1.3 or higher.

[,1.3)

Denial of Service (DoS) dsfsdf

commons-fileupload:commons-fileupload Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. An attacker may send a specially crafted Content-Type header that bypasses a loop's intended exit conditions, causing an infinite loop and high CPU consumption.

[,1.3.1)

Arbitrary File Write dsfsdf

commons-fileupload:commons-fileupload Affected versions of this package are vulnerable to Arbitrary File Write.

[,1.3.1)

commons-fileupload:commons-fileupload@1.0-beta-1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?