github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

[GHSA-7x9j-7223-rg5m] Improper Access Control in commons-fileupload #4495

Closed SunBK201 closed 1 month ago

SunBK201 commented 1 month ago

Updates

Comments

https://sca.analysiscenter.veracode.com/vulnerability-database/security/remote-code-execution-via-serialization/java/sid-2911/summary

shelbyc commented 1 month ago

👋 Hi @SunBK201, I'm not merging this community contribution because, according to https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload, 1.0-beta-1 is the first version of commons-fileupload:commons-fileupload. Therefore, the vulnerable version ranges >= 1.0-beta-1, < 1.3.3 and < 1.3.3 generate the same alerts, and the change is unnecessary.