Closed SunBK201 closed 1 month ago
👋 Hi @SunBK201, I'm not merging this community contribution because, according to https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload, 1.0-beta-1
is the first version of commons-fileupload:commons-fileupload
. Therefore, the vulnerable version ranges >= 1.0-beta-1, < 1.3.3
and < 1.3.3
generate the same alerts, and the change is unnecessary.
Updates
Comments https://sca.analysiscenter.veracode.com/vulnerability-database/security/remote-code-execution-via-serialization/java/sid-2911/summary