Information Exposure Affecting commons-fileupload:commons-fileupload Open this link in a new tab package, versions [,1.3.2)
Do your applications use this vulnerable package?
17 Feb 2017
17 Feb 2014
Introduced: 17 Feb 2014CWE-200 Open this link in a new tab
commons-fileupload:commons-fileupload provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Affected versions of the package are vulnerable to Information Disclosure because the
InputStream is not closed on exception.
commons-fileupload to version 1.3.2 or higher.