Thank you for the quick response.

Gary

On Tue, Jul 15, 2025, 10:27 cpe_dictionary <cpe_diction...@nist.gov> wrote:

> Good morning,
>
> Thank you for bringing this to our attention. We appreciate community
> input in order to provide the most accurate and up-to-date information as
> possible. After reviewing publicly available information we have made the
> appropriate modifications to remove CPE Applicability Statements for Apache
> Commons FileUpload versions 2.0.0 M4 and 2.0.0 M4-RC1 from the
> configurations. Please allow up to 24 hours for the changes to be
> reflected on the website and in the data feeds.
>
> V/r,
> Vidya Ananth
> Common Platform Enumeration Team
> National Institute of Standards and Technology (NIST)
> cpe_diction...@nist.gov
>
>
> -----Original Message-----
> From: Gary Gregory <ggreg...@apache.org>
> Sent: Monday, July 14, 2025 5:26 PM
> To: cpe_dictionary <cpe_diction...@nist.gov>
> Cc: Commons Developers List <dev@commons.apache.org>
> Subject: [EXTERNAL] Wrong version for
> https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623
>
> Hi NIST,
>
> Gary Gregory here from the Apache Commons project, reporting that
> https://nvd.nist.gov/vuln/detail/CVE-2025-48976#match-16814623 lists
> version 2.0.0-M4 as vulnerable when it fixes the issue.
>
> Our ticket: https://issues.apache.org/jira/browse/FILEUPLOAD-361
>
> TY,
> Gary