update for jakarta-commons-fileupload
A remote attacker could supply a serialized instance of the DiskFileItem class, which would be deserialized on a server and write arbitrary content to any location on the server that is permitted by the user running the application server process. bnc#846174/CVE-2013-2186
-
Submitted by
Michal Vyskocil (mvyskocil)
Fixed bugs
bnc#846174
VUL-0: CVE-2013-2186: jakarta-commons-fileupload: null byte injection flaw
