Severity: important
Affected versions:
- Apache Commons FileUpload (commons-fileupload:commons-fileupload) 1.0 before 1.6
- Apache Commons FileUpload (org.apache.commons:commons-fileupload2) 2.0.0-M1 before 2.0.0-M4
Description:
Allocation of resources for multipart headers with insufficient limits
enabled a DoS vulnerability in Apache Commons FileUpload.
This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from
2.0.0-M1 before 2.0.0-M4.
Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix
the issue.
Credit:
TERASOLUNA Framework Security Team of NTT DATA Group Corporation (finder)
References:
https://commons.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48976
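
One way to check a build against the affected ranges above (an added example, not part of the advisory or of Apache Commons code): it reads `mvn dependency:list` output and flags FileUpload entries. The sample lines are constructed, and matching 2.x module artifacts by the `commons-fileupload2` prefix is an assumption.

```python
import re

# Ranges from the advisory: [first affected, first fixed).
# Assumption: 2.x module artifacts (e.g. commons-fileupload2-core) share the listed prefix.
AFFECTED = {
    ("commons-fileupload", "commons-fileupload"): ("1.0", "1.6"),
    ("org.apache.commons", "commons-fileupload2"): ("2.0.0-M1", "2.0.0-M4"),
}

def version_key(version):
    """Sortable key for dotted versions with an optional -M<n>; a milestone sorts before its release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-M(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version format: {version}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:  # treat 1.6.0 and 1.6 as equal
        nums.pop()
    return (tuple(nums), int(m.group(2)) if m.group(2) else float("inf"))

def scan(dependency_list):
    """Return [(coordinate, version, status)] for FileUpload entries in `mvn dependency:list` text."""
    findings = []
    for line in dependency_list.splitlines():
        parts = line.replace("[INFO]", "").strip().split(":")
        if len(parts) not in (5, 6):  # group:artifact:type[:classifier]:version:scope
            continue
        group, artifact, version = parts[0], parts[1], parts[-2]
        for (g, a), (first, fixed) in AFFECTED.items():
            if group == g and artifact.startswith(a):
                try:
                    hit = version_key(first) <= version_key(version) < version_key(fixed)
                    status = "affected" if hit else "not affected"
                except ValueError:  # qualifiers this sketch does not order (beta, SNAPSHOT, ...)
                    status = "review manually"
                findings.append((f"{group}:{artifact}", version, status))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE = """\
[INFO]    commons-fileupload:commons-fileupload:jar:1.5:compile
[INFO]    commons-fileupload:commons-fileupload:jar:1.6.0:compile
[INFO]    org.apache.commons:commons-fileupload2-core:jar:2.0.0-M2:compile
[INFO]    org.apache.commons:commons-fileupload2-core:jar:2.0.0-M4:compile
[INFO]    commons-io:commons-io:jar:2.11.0:compile
"""

if __name__ == "__main__":
    for coordinate, version, status in scan(SAMPLE):
        print(f"{coordinate} {version}: {status}")
```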