Do your applications use this vulnerable package?
17 Feb 2017
17 Feb 2014
How to fix?
commons-fileupload to version 1.3.2 or higher.
commons-fileupload:commons-fileupload provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Affected versions of the package are vulnerable to Information Disclosure because the
InputStream is not closed on exception.