|Description||Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|libcommons-fileupload-java (PTS)||jessie (security), jessie||1.3.1-1+deb8u1||vulnerable|
The information below is based on the following data on fixed versions.
Marked as unimportant since, even though the CVE is assigned for Apache Commons FileUpload, Apache say that the issue needs to be fixed in any vendor/product using Apache Commons FileUpload DiskFileItem as described in the given advisory.
Thus we are not going to diverge from Apache upstream here.