{"id":"CVE-2016-1000031","details":"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution","aliases":["GHSA-7x9j-7223-rg5m"],"modified":"2026-04-10T03:46:59.519814Z","published":"2016-10-25T14:29:00.180Z","related":["SUSE-SU-2019:1212-1","SUSE-SU-2019:1212-2","SUSE-SU-2019:1214-1","SUSE-SU-2019:14044-1","openSUSE-SU-2019:1399-1"],"references":[{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"WEB","url":"https://issues.apache.org/jira/browse/WW-4812"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/research/tra-2016-12"},{"type":"ADVISORY","url":"https://www.tenable.com/security/research/tra-2016-23"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"type":"ADVISORY","url":"https://issues.apache.org/jira/browse/FILEUPLOAD-279"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/research/tra-2016-30"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190212-0001/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93604"},{"type":"ADVISORY","url":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/commons-fileupload","events":[{"introduced":"0"},{"last_affected":"1a01d4b321351ddc8b0cabafe09aa1e96ae7f08d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.2"}]}}],"versions":["commons-fileupload-1.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000031.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}