Good morning, Thank you for bringing this to our attention. We appreciate community input in order to provide the most accurate and up-to-date information as possible. After reviewing publicly available information we have made the appropriate modifications to remove CPE Applicability Statements for Apache Commons FileUpload versions 2.0.0 M4 and 2.0.0 M4-RC1 from the configurations. Please allow up to 24 hours for the changes to be reflected on the website and in the data feeds.
V/r, Vidya Ananth Common Platform Enumeration Team National Institute of Standards and Technology (NIST) [email protected] -----Original Message----- From: Gary Gregory <[email protected]> Sent: Monday, July 14, 2025 5:26 PM To: cpe_dictionary <[email protected]> Cc: Commons Developers List <[email protected]> Subject: [EXTERNAL] Wrong version for https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623 Hi NIST, Gary Gregory here from the Apache Commons project, reporting that https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623 lists version 2.0.0-M4 as vulnerable when it fixes the issue. Our ticket: https://issues.apache.org/jira/browse/FILEUPLOAD-361 TY, Gary --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
