Hi, The current (v1.6.3) and previous releases of Axis2 contain the apache commons-fileupload-1.2.jar.
This jar is flagged as being vulnerable to CVE-2013-0248 Could anyone confirm if either: This vulnerability is not applicable to the use of the jar in Axis2 If an update is planned Details of the vulnerability: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0248 Many thanks, Charlie Martin WebSphere MQ Development IBM Hursley Labs, Hursley Park, Winchester, Hants. SO21 2JN. UK. Email: [email protected] Tel: +44 (0) 1962 815860, Internal: 37245860 Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
