An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xeDZoLTk1NjctNWZxd84AAXnF

Arbitrary file write in Apache Commons Fileupload

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 2 months ago

Identifiers: GHSA-qx6h-9567-5fqw, CVE-2013-2186
References: Repository:
Blast Radius: 0.0

Affected Packages

Dependent packages: 2,282
Dependent repositories: 103,825
Affected Version Ranges: < 1.3.1
Fixed in: 1.3.1
All affected versions: 1.2.1, 1.2.2
All unaffected versions: 1.3.1, 1.3.2, 1.3.3