GHSA-vv7r-c36w-3prj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vv7r-c36w-3prj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-vv7r-c36w-3prj/GHSA-vv7r-c36w-3prj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vv7r-c36w-3prj
- Aliases
- Related
- Published
- 2025-06-16T15:32:28Z
- Modified
- 2025-06-30T21:22:21.420301Z
- Downstream
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers
- Details
-
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.
This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.
Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
- Database specific
{ "nvd_published_at": "2025-06-16T15:15:24Z", "severity": "HIGH", "github_reviewed_at": "2025-06-16T16:52:30Z", "github_reviewed": true, "cwe_ids": [ "CWE-770" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-48976
- https://github.com/apache/commons-fileupload/commit/bf68f63cfb312ef4710fb3dfb4d8e4e1665f4497
- https://github.com/apache/tomcat/commit/97790a35a27d236fa053e660676c3f8196284d93
- https://github.com/apache/commons-fileupload
- https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12
- http://www.openwall.com/lists/oss-security/2025/06/16/4
Affected packages
Maven / org.apache.commons:commons-fileupload2-core
Package
- Name
- org.apache.commons:commons-fileupload2-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.commons/commons-fileupload2-core
Maven / org.apache.commons:commons-fileupload2-core
Package
- Name
- org.apache.commons:commons-fileupload2-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.commons/commons-fileupload2-core