721 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing multipart headers. An attacker can exhaust system resources by sending malicious requests with excessively large individual multipart headers. Remediation Upgrade...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +15648 more potentially affected by CVE-2025-48976 via commons-fileupload:commons-fileupload (>=1.0 <=1.5)
commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.7 and more Source cves: CVE-2025-48976 Source advisory: OSV:GHSA-VV7R-C36W-3PRJ...
Allocation of Resources Without Limits or Throttling
Overview commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...
Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926), be.personify.iam:personify-frontend (>=1.5.4.RELEASE <=1.5.5.RELEASE) +1914 more potentially affected by CVE-2025-48976 via org.apache.commons:commons-fileupload2-core (>=2.0.0-M1 <=2.0.0-M3)
org.apache.commons:commons-fileupload2-core MAVEN version =2.0.0-M1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.0, =0.0.15, =24.7.0, =24.7.0, =24.7.0, =24.7.0, =24.11.0, =24.7.0, =24.7.0, =24.7.0, =25.1.0, =3.0.1, =3.2.12 and more Source cves: CVE-2025-48976 Source advisory: OSV:GHSA-VV7R-C36W-3PRJ...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +15648 more potentially affected by CVE-2025-48976 via commons-fileupload:commons-fileupload (>=1.0 <=1.5)
commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.7 and more Source cves: CVE-2025-48976 Source advisory: SNYK:JAVA-COMMONSFILEUPLOAD-10363252...
GHSA-VV7R-C36W-3PRJ Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
DEBIAN-CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
UBUNTU-CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
CVE-2025-48976 Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fi...
CVE-2025-48976
CVE-2025-48976 is a DoS in Apache Commons FileUpload caused by allocation of resources for multipart headers with insufficient limits. Affected: 1.0 before 1.6 and 2.0.0-M1 before 2.0.0-M4. Impact: potential high-availability disruption. Remediation: upgrade to 1.6 or 2.0.0-M4 (as stated in multi...
Malicious code in commons-fileupload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 176e367d438eb3f5463d593e36cde70f38d1f86a0af240ea8669e0c8a25ed516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4820 Malicious code in commons-fileupload (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 176e367d438eb3f5463d593e36cde70f38d1f86a0af240ea8669e0c8a25ed516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts t...
Security Bulletin: Multiple vulnerabilities found on third-party libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Commons Fileupload and Apache Tomcat
Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...
Linux Distros Unpatched Vulnerability : CVE-2023-24998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS wit...