Good morning, Thank you for bringing this to our attention. We appreciate community input in order to provide the most accurate and up-to-date information as possible. After reviewing publicly available information we have made the appropriate modifications to remove CPE Applicability Statements for Apache Commons FileUpload versions 2.0.0 M4 and 2.0.0 M4-RC1 from the configurations. Please allow up to 24 hours for the changes to be reflected on the website and in the data feeds.
V/r, Vidya Ananth Common Platform Enumeration Team National Institute of Standards and Technology (NIST) cpe_diction...@nist.gov -----Original Message----- From: Gary Gregory <ggreg...@apache.org> Sent: Monday, July 14, 2025 5:26 PM To: cpe_dictionary <cpe_diction...@nist.gov> Cc: Commons Developers List <dev@commons.apache.org> Subject: [EXTERNAL] Wrong version for https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623 Hi NIST, Gary Gregory here from the Apache Commons project, reporting that https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623 lists version 2.0.0-M4 as vulnerable when it fixes the issue. Our ticket: https://issues.apache.org/jira/browse/FILEUPLOAD-361 TY, Gary --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
