Apache Software Foundation Apache Commons Fileupload vulnerabilities
2 known vulnerabilities affecting apache_software_foundation/apache_commons_fileupload.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2025-48976 | HIGH | CVSS 7.5 | ≥ 1.0, < 1.6; ≥ 2.0.0-M1, < 2.0.0-M4 | 2025-06-16
CVE-2025-48976 [HIGH] CWE-770
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.
This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.
Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
Sources: cvelistv5, nvd
CVE-2023-24998 | HIGH | CVSS 7.5 | fixed in 1.5 | 2023-02-20
CVE-2023-24998 [HIGH] CWE-770
Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax)
Source: cvelistv5