[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-24998":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":406,"aliases":407,"duplicate_of":9,"upstream":409,"downstream":410,"duplicates":457,"related":458,"reserved_at":9,"published_at":477,"modified_at":478,"state":479,"summary":480,"references_raw":488,"kevs":589,"epss":590,"epss_history":593,"metrics":830,"affected":838},"CVE-2023-24998","Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n          new configuration option (FileUploadBase#setFileCountMax) is not\n          enabled by default and must be explicitly configured.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-770","Allocation of Resources Without Limits or Throttling","The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.","weakness","Incomplete","Base","High",[20,106,116,120,124,128,132,136,168,230,234,238,268,298,330,334,338,342,346,350],{"id":21,"name":22,"techniques":23},"CAPEC-125","Flooding",[24,78],{"id":25,"name":26,"tactics":27,"countermeasures":31},"T1498.001","Direct Network Flood",[28],{"id":29,"name":30},"TA0105","Impact",[32,37,41,45,49,53,57,61,65,69,74],{"id":33,"name":34,"tactic":35},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":36},"Detect",{"id":38,"name":39,"tactic":40},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":36},{"id":42,"name":43,"tactic":44},"D3-CSPP","Client-server Payload Profiling",{"name":36},{"id":46,"name":47,"tactic":48},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":36},{"id":50,"name":51,"tactic":52},"D3-NTSA","Network Traffic Signature Analysis",{"name":36},{"id":54,"name":55,"tactic":56},"D3-APCA","Application Protocol Command Analysis",{"name":36},{"id":58,"name":59,"tactic":60},"D3-NTCD","Network Traffic Community Deviation",{"name":36},{"id":62,"name":63,"tactic":64},"D3-RTSD","Remote Terminal Session Detection",{"name":36},{"id":66,"name":67,"tactic":68},"D3-ISVA","Inbound Session Volume Analysis",{"name":36},{"id":70,"name":71,"tactic":72},"D3-NTF","Network Traffic Filtering",{"name":73},"Isolate",{"id":75,"name":76,"tactic":77},"D3-ITF","Inbound Traffic Filtering",{"name":73},{"id":79,"name":80,"tactics":81,"countermeasures":83},"T1499","Endpoint Denial of Service",[82],{"id":29,"name":30},[84,86,88,90,92,94,96,98,100,102,104],{"id":33,"name":34,"tactic":85},{"name":36},{"id":38,"name":39,"tactic":87},{"name":36},{"id":42,"name":43,"tactic":89},{"name":36},{"id":46,"name":47,"tactic":91},{"name":36},{"id":50,"name":51,"tactic":93},{"name":36},{"id":54,"name":55,"tactic":95},{"name":36},{"id":58,"name":59,"tactic":97},{"name":36},{"id":62,"name":63,"tactic":99},{"name":36},{"id":66,"name":67,"tactic":101},{"name":36},{"id":70,"name":71,"tactic":103},{"name":73},{"id":75,"name":76,"tactic":105},{"name":73},{"id":107,"name":108,"techniques":109},"CAPEC-130","Excessive Allocation",[110],{"id":111,"name":112,"tactics":113,"countermeasures":115},"T1499.003","Application Exhaustion Flood",[114],{"id":29,"name":30},[],{"id":117,"name":118,"techniques":119},"CAPEC-147","XML Ping of the Death",[],{"id":121,"name":122,"techniques":123},"CAPEC-197","Exponential Data Expansion",[],{"id":125,"name":126,"techniques":127},"CAPEC-229","Serialized Data Parameter Blowup",[],{"id":129,"name":130,"techniques":131},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":133,"name":134,"techniques":135},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":137,"name":138,"techniques":139},"CAPEC-469","HTTP DoS",[140],{"id":141,"name":142,"tactics":143,"countermeasures":145},"T1499.002","Service Exhaustion Flood",[144],{"id":29,"name":30},[146,148,150,152,154,156,158,160,162,164,166],{"id":33,"name":34,"tactic":147},{"name":36},{"id":38,"name":39,"tactic":149},{"name":36},{"id":42,"name":43,"tactic":151},{"name":36},{"id":46,"name":47,"tactic":153},{"name":36},{"id":50,"name":51,"tactic":155},{"name":36},{"id":54,"name":55,"tactic":157},{"name":36},{"id":58,"name":59,"tactic":159},{"name":36},{"id":62,"name":63,"tactic":161},{"name":36},{"id":66,"name":67,"tactic":163},{"name":36},{"id":70,"name":71,"tactic":165},{"name":73},{"id":75,"name":76,"tactic":167},{"name":73},{"id":169,"name":170,"techniques":171},"CAPEC-482","TCP Flood",[172,198,204],{"id":25,"name":26,"tactics":173,"countermeasures":175},[174],{"id":29,"name":30},[176,178,180,182,184,186,188,190,192,194,196],{"id":33,"name":34,"tactic":177},{"name":36},{"id":38,"name":39,"tactic":179},{"name":36},{"id":42,"name":43,"tactic":181},{"name":36},{"id":46,"name":47,"tactic":183},{"name":36},{"id":50,"name":51,"tactic":185},{"name":36},{"id":54,"name":55,"tactic":187},{"name":36},{"id":58,"name":59,"tactic":189},{"name":36},{"id":62,"name":63,"tactic":191},{"name":36},{"id":66,"name":67,"tactic":193},{"name":36},{"id":70,"name":71,"tactic":195},{"name":73},{"id":75,"name":76,"tactic":197},{"name":73},{"id":199,"name":200,"tactics":201,"countermeasures":203},"T1499.001","OS Exhaustion Flood",[202],{"id":29,"name":30},[],{"id":141,"name":142,"tactics":205,"countermeasures":207},[206],{"id":29,"name":30},[208,210,212,214,216,218,220,222,224,226,228],{"id":33,"name":34,"tactic":209},{"name":36},{"id":38,"name":39,"tactic":211},{"name":36},{"id":42,"name":43,"tactic":213},{"name":36},{"id":46,"name":47,"tactic":215},{"name":36},{"id":50,"name":51,"tactic":217},{"name":36},{"id":54,"name":55,"tactic":219},{"name":36},{"id":58,"name":59,"tactic":221},{"name":36},{"id":62,"name":63,"tactic":223},{"name":36},{"id":66,"name":67,"tactic":225},{"name":36},{"id":70,"name":71,"tactic":227},{"name":73},{"id":75,"name":76,"tactic":229},{"name":73},{"id":231,"name":232,"techniques":233},"CAPEC-486","UDP Flood",[],{"id":235,"name":236,"techniques":237},"CAPEC-487","ICMP Flood",[],{"id":239,"name":240,"techniques":241},"CAPEC-488","HTTP Flood",[242],{"id":141,"name":142,"tactics":243,"countermeasures":245},[244],{"id":29,"name":30},[246,248,250,252,254,256,258,260,262,264,266],{"id":33,"name":34,"tactic":247},{"name":36},{"id":38,"name":39,"tactic":249},{"name":36},{"id":42,"name":43,"tactic":251},{"name":36},{"id":46,"name":47,"tactic":253},{"name":36},{"id":50,"name":51,"tactic":255},{"name":36},{"id":54,"name":55,"tactic":257},{"name":36},{"id":58,"name":59,"tactic":259},{"name":36},{"id":62,"name":63,"tactic":261},{"name":36},{"id":66,"name":67,"tactic":263},{"name":36},{"id":70,"name":71,"tactic":265},{"name":73},{"id":75,"name":76,"tactic":267},{"name":73},{"id":269,"name":270,"techniques":271},"CAPEC-489","SSL Flood",[272],{"id":141,"name":142,"tactics":273,"countermeasures":275},[274],{"id":29,"name":30},[276,278,280,282,284,286,288,290,292,294,296],{"id":33,"name":34,"tactic":277},{"name":36},{"id":38,"name":39,"tactic":279},{"name":36},{"id":42,"name":43,"tactic":281},{"name":36},{"id":46,"name":47,"tactic":283},{"name":36},{"id":50,"name":51,"tactic":285},{"name":36},{"id":54,"name":55,"tactic":287},{"name":36},{"id":58,"name":59,"tactic":289},{"name":36},{"id":62,"name":63,"tactic":291},{"name":36},{"id":66,"name":67,"tactic":293},{"name":36},{"id":70,"name":71,"tactic":295},{"name":73},{"id":75,"name":76,"tactic":297},{"name":73},{"id":299,"name":300,"techniques":301},"CAPEC-490","Amplification",[302],{"id":303,"name":304,"tactics":305,"countermeasures":307},"T1498.002","Reflection Amplification",[306],{"id":29,"name":30},[308,310,312,314,316,318,320,322,324,326,328],{"id":33,"name":34,"tactic":309},{"name":36},{"id":38,"name":39,"tactic":311},{"name":36},{"id":42,"name":43,"tactic":313},{"name":36},{"id":46,"name":47,"tactic":315},{"name":36},{"id":50,"name":51,"tactic":317},{"name":36},{"id":54,"name":55,"tactic":319},{"name":36},{"id":58,"name":59,"tactic":321},{"name":36},{"id":62,"name":63,"tactic":323},{"name":36},{"id":66,"name":67,"tactic":325},{"name":36},{"id":70,"name":71,"tactic":327},{"name":73},{"id":75,"name":76,"tactic":329},{"name":73},{"id":331,"name":332,"techniques":333},"CAPEC-491","Quadratic Data Expansion",[],{"id":335,"name":336,"techniques":337},"CAPEC-493","SOAP Array Blowup",[],{"id":339,"name":340,"techniques":341},"CAPEC-494","TCP Fragmentation",[],{"id":343,"name":344,"techniques":345},"CAPEC-495","UDP Fragmentation",[],{"id":347,"name":348,"techniques":349},"CAPEC-496","ICMP Fragmentation",[],{"id":351,"name":352,"techniques":353},"CAPEC-528","XML Flood",[354,380],{"id":141,"name":142,"tactics":355,"countermeasures":357},[356],{"id":29,"name":30},[358,360,362,364,366,368,370,372,374,376,378],{"id":33,"name":34,"tactic":359},{"name":36},{"id":38,"name":39,"tactic":361},{"name":36},{"id":42,"name":43,"tactic":363},{"name":36},{"id":46,"name":47,"tactic":365},{"name":36},{"id":50,"name":51,"tactic":367},{"name":36},{"id":54,"name":55,"tactic":369},{"name":36},{"id":58,"name":59,"tactic":371},{"name":36},{"id":62,"name":63,"tactic":373},{"name":36},{"id":66,"name":67,"tactic":375},{"name":36},{"id":70,"name":71,"tactic":377},{"name":73},{"id":75,"name":76,"tactic":379},{"name":73},{"id":25,"name":26,"tactics":381,"countermeasures":383},[382],{"id":29,"name":30},[384,386,388,390,392,394,396,398,400,402,404],{"id":33,"name":34,"tactic":385},{"name":36},{"id":38,"name":39,"tactic":387},{"name":36},{"id":42,"name":43,"tactic":389},{"name":36},{"id":46,"name":47,"tactic":391},{"name":36},{"id":50,"name":51,"tactic":393},{"name":36},{"id":54,"name":55,"tactic":395},{"name":36},{"id":58,"name":59,"tactic":397},{"name":36},{"id":62,"name":63,"tactic":399},{"name":36},{"id":66,"name":67,"tactic":401},{"name":36},{"id":70,"name":71,"tactic":403},{"name":73},{"id":75,"name":76,"tactic":405},{"name":73},[],[408],"GHSA-hfrx-6qgj-fp6c",[],[411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455],{"_key":412},"SUSE-SU-2023:0695-1",{"_key":414},"SUSE-SU-2023:2505-1",{"_key":416},"SUSE-SU-2023:0696-1",{"_key":418},"SUSE-SU-2023:0697-1",{"_key":420},"SUSE-SU-2023:0758-1",{"_key":422},"SUSE-SU-2023:0730-1",{"_key":424},"SUSE-SU-2023:1769-1",{"_key":426},"SUSE-SU-2023:2390-1",{"_key":428},"OPENSUSE-SU-2024:12750-1",{"_key":430},"OPENSUSE-SU-2024:12950-1",{"_key":432},"OPENSUSE-SU-2024:13441-1",{"_key":434},"DLA-3617-1",{"_key":436},"DLA-4245-1",{"_key":438},"DSA-5522-1",{"_key":440},"RHSA-2023:4909",{"_key":442},"RHSA-2023:6570",{"_key":444},"RHSA-2023:7065",{"_key":446},"SUSE-SU-2026:1058-1",{"_key":448},"MGASA-2023-0070",{"_key":450},"MGASA-2023-0138",{"_key":452},"DEBIAN-CVE-2023-24998",{"_key":454},"UBUNTU-CVE-2023-24998",{"_key":456},"RHSA-2023:3299",[],[459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,475],{"_key":412},{"_key":414},{"_key":416},{"_key":418},{"_key":420},{"_key":422},{"_key":424},{"_key":426},{"_key":428},{"_key":430},{"_key":432},{"_key":446},{"_key":448},{"_key":450},{"_key":474},"CGA-VHV7-2GWW-H7X4",{"_key":476},"CGA-PJ4R-M49C-RMJ4","2023-02-20T15:57:07.372Z","2025-11-03T21:47:24.224Z","Modified",{"cisa_kev":481,"cisa_ransomware":481,"cisa_vendor":9,"epss_severity":482,"epss_score":483,"severity":482,"severity_score":484,"severity_version":485,"severity_source":486,"severity_vector":487,"severity_status":479},false,"high",0.339,7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[489,498,502,507,511,515,519,523,527,532,536,540,544,548,552,556,560,564,568,572,576,580,585],{"url":490,"sources":491,"tags":494},"https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy",[492,486,493],"cve.org","osv_maven",[495,496,497],"Vendor Advisory","Mailing List","WEB",{"url":499,"sources":500,"tags":501},"http://www.openwall.com/lists/oss-security/2023/05/22/1",[492,486,493],[496,497],{"url":503,"sources":504,"tags":505},"https://security.gentoo.org/glsa/202305-37",[492,486,493],[506,497],"Third Party Advisory",{"url":508,"sources":509,"tags":510},"https://www.debian.org/security/2023/dsa-5522",[492,486,493],[506,497],{"url":512,"sources":513,"tags":514},"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",[492,486,493],[506,497],{"url":516,"sources":517,"tags":518},"https://security.netapp.com/advisory/ntap-20230302-0013/",[492,486],[],{"url":520,"sources":521,"tags":522},"https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html",[492,486,493],[497],{"url":524,"sources":525,"tags":526},"https://security.netapp.com/advisory/ntap-20241108-0002/",[492,486],[],{"url":528,"sources":529,"tags":530},"https://nvd.nist.gov/vuln/detail/CVE-2023-24998",[493],[531],"Advisory",{"url":533,"sources":534,"tags":535},"https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17",[493],[497],{"url":537,"sources":538,"tags":539},"https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce",[493],[497],{"url":541,"sources":542,"tags":543},"https://github.com/apache/tomcat/commit/9ca96c8c1eba86c0aaa2e6be581ba2a7d4d4ae6e",[493],[497],{"url":545,"sources":546,"tags":547},"https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74",[493],[497],{"url":549,"sources":550,"tags":551},"https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38",[493],[497],{"url":553,"sources":554,"tags":555},"https://tomcat.apache.org/security-9.html",[493],[497],{"url":557,"sources":558,"tags":559},"https://tomcat.apache.org/security-8.html",[493],[497],{"url":561,"sources":562,"tags":563},"https://tomcat.apache.org/security-11.html",[493],[497],{"url":565,"sources":566,"tags":567},"https://tomcat.apache.org/security-10.html",[493],[497],{"url":569,"sources":570,"tags":571},"https://security.netapp.com/advisory/ntap-20241108-0002",[493],[497],{"url":573,"sources":574,"tags":575},"https://security.netapp.com/advisory/ntap-20230302-0013",[493],[497],{"url":577,"sources":578,"tags":579},"https://github.com/search?q=repo%3Aapache%2Ftomcat+util.http+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F&type=code",[493],[497],{"url":581,"sources":582,"tags":583},"https://github.com/apache/commons-fileupload",[493],[584],"PACKAGE",{"url":586,"sources":587,"tags":588},"https://commons.apache.org/proper/commons-fileupload/security-reports.html",[493],[497],[],{"date":591,"score":483,"percentile":592},"2026-06-04",0.9705,[594,598,601,604,606,608,610,612,615,618,621,623,625,627,629,633,636,638,642,645,647,650,653,655,658,661,663,666,669,672,675,677,679,681,683,686,688,690,693,696,699,702,705,708,711,714,717,719,721,724,726,728,731,733,737,740,743,745,748,752,754,757,760,762,764,767,770,773,776,778,780,782,785,788,791,794,796,798,800,803,805,808,810,812,814,817,820,822,825,827],{"date":595,"score":596,"percentile":597},"2025-11-04",0.47785,0.97566,{"date":599,"score":596,"percentile":600},"2025-11-05",0.97567,{"date":602,"score":596,"percentile":603},"2025-11-06",0.97565,{"date":605,"score":596,"percentile":600},"2025-11-07",{"date":607,"score":596,"percentile":600},"2025-11-08",{"date":609,"score":596,"percentile":600},"2025-11-09",{"date":611,"score":596,"percentile":600},"2025-11-10",{"date":613,"score":596,"percentile":614},"2025-11-11",0.97568,{"date":616,"score":596,"percentile":617},"2025-11-12",0.9757,{"date":619,"score":596,"percentile":620},"2025-11-13",0.97569,{"date":622,"score":596,"percentile":617},"2025-11-14",{"date":624,"score":596,"percentile":620},"2025-11-15",{"date":626,"score":596,"percentile":620},"2025-11-16",{"date":628,"score":596,"percentile":620},"2025-11-17",{"date":630,"score":631,"percentile":632},"2025-11-18",0.87766,0.9956,{"date":634,"score":631,"percentile":635},"2025-11-19",0.99561,{"date":637,"score":631,"percentile":635},"2025-11-20",{"date":639,"score":640,"percentile":641},"2025-11-21",0.48374,0.97604,{"date":643,"score":640,"percentile":644},"2025-11-22",0.97603,{"date":646,"score":640,"percentile":641},"2025-11-23",{"date":648,"score":596,"percentile":649},"2025-11-24",0.97572,{"date":651,"score":596,"percentile":652},"2025-11-25",0.97574,{"date":654,"score":596,"percentile":652},"2025-11-26",{"date":656,"score":596,"percentile":657},"2025-11-27",0.97576,{"date":659,"score":596,"percentile":660},"2025-11-28",0.97575,{"date":662,"score":596,"percentile":649},"2025-11-29",{"date":664,"score":596,"percentile":665},"2025-11-30",0.97571,{"date":667,"score":668,"percentile":592},"2025-12-01",0.378,{"date":670,"score":668,"percentile":671},"2025-12-02",0.97051,{"date":673,"score":668,"percentile":674},"2025-12-03",0.97053,{"date":676,"score":596,"percentile":620},"2025-12-04",{"date":678,"score":596,"percentile":620},"2025-12-05",{"date":680,"score":596,"percentile":620},"2025-12-06",{"date":682,"score":596,"percentile":617},"2025-12-07",{"date":684,"score":596,"percentile":685},"2025-12-08",0.97573,{"date":687,"score":596,"percentile":685},"2025-12-09",{"date":689,"score":596,"percentile":657},"2025-12-10",{"date":691,"score":596,"percentile":692},"2025-12-11",0.97578,{"date":694,"score":596,"percentile":695},"2025-12-12",0.97581,{"date":697,"score":596,"percentile":698},"2025-12-13",0.97584,{"date":700,"score":596,"percentile":701},"2025-12-14",0.97582,{"date":703,"score":596,"percentile":704},"2025-12-15",0.97583,{"date":706,"score":596,"percentile":707},"2025-12-16",0.97585,{"date":709,"score":596,"percentile":710},"2025-12-17",0.97587,{"date":712,"score":596,"percentile":713},"2025-12-18",0.97589,{"date":715,"score":596,"percentile":716},"2025-12-19",0.97591,{"date":718,"score":596,"percentile":716},"2025-12-20",{"date":720,"score":596,"percentile":716},"2025-12-21",{"date":722,"score":596,"percentile":723},"2025-12-22",0.9759,{"date":725,"score":596,"percentile":713},"2025-12-23",{"date":727,"score":596,"percentile":723},"2025-12-24",{"date":729,"score":596,"percentile":730},"2025-12-25",0.97592,{"date":732,"score":596,"percentile":730},"2025-12-26",{"date":734,"score":735,"percentile":736},"2025-12-27",0.41222,0.97271,{"date":738,"score":596,"percentile":739},"2025-12-28",0.97593,{"date":741,"score":596,"percentile":742},"2025-12-29",0.97594,{"date":744,"score":596,"percentile":739},"2025-12-30",{"date":746,"score":596,"percentile":747},"2025-12-31",0.97596,{"date":749,"score":750,"percentile":751},"2026-01-01",0.39164,0.97164,{"date":753,"score":750,"percentile":751},"2026-01-02",{"date":755,"score":750,"percentile":756},"2026-01-03",0.97165,{"date":758,"score":596,"percentile":759},"2026-01-04",0.97598,{"date":761,"score":596,"percentile":747},"2026-01-05",{"date":763,"score":596,"percentile":759},"2026-01-06",{"date":765,"score":596,"percentile":766},"2026-01-07",0.97599,{"date":768,"score":596,"percentile":769},"2026-01-08",0.97601,{"date":771,"score":596,"percentile":772},"2026-01-09",0.97605,{"date":774,"score":596,"percentile":775},"2026-01-10",0.97606,{"date":777,"score":596,"percentile":641},"2026-01-11",{"date":779,"score":596,"percentile":772},"2026-01-12",{"date":781,"score":596,"percentile":775},"2026-01-13",{"date":783,"score":596,"percentile":784},"2026-01-14",0.97609,{"date":786,"score":596,"percentile":787},"2026-01-15",0.9761,{"date":789,"score":596,"percentile":790},"2026-01-16",0.97612,{"date":792,"score":596,"percentile":793},"2026-01-17",0.97615,{"date":795,"score":596,"percentile":787},"2026-01-18",{"date":797,"score":596,"percentile":787},"2026-01-19",{"date":799,"score":596,"percentile":787},"2026-01-20",{"date":801,"score":596,"percentile":802},"2026-01-21",0.97611,{"date":804,"score":596,"percentile":790},"2026-01-22",{"date":806,"score":596,"percentile":807},"2026-01-23",0.97614,{"date":809,"score":596,"percentile":793},"2026-01-24",{"date":811,"score":596,"percentile":807},"2026-01-25",{"date":813,"score":596,"percentile":793},"2026-01-26",{"date":815,"score":596,"percentile":816},"2026-01-27",0.97617,{"date":818,"score":596,"percentile":819},"2026-01-28",0.97618,{"date":821,"score":596,"percentile":816},"2026-01-29",{"date":823,"score":596,"percentile":824},"2026-01-30",0.97616,{"date":826,"score":596,"percentile":824},"2026-01-31",{"date":828,"score":750,"percentile":829},"2026-02-01",0.9719,[831,836],{"source":486,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":832,"cvss_v4_0":9},{"baseScore":484,"baseSeverity":833,"vectorString":487,"impactScore":834,"exploitabilityScore":835},"HIGH",6,10,{"source":493,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":837,"cvss_v4_0":9},{"baseScore":484,"baseSeverity":9,"vectorString":487,"impactScore":834,"exploitabilityScore":835},[839,850,869,880,890,899,919],{"ecosystem":9,"name":840,"vendor":841,"product":842,"cpe_part":843,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":844},"Apache Commons FileUpload","apache software foundation","apache commons fileupload","a",[845],{"version":846,"is_range":847,"range_type":492,"version_start":9,"version_start_type":9,"version_end":848,"version_end_type":849,"fixed_in":9},"\u003C 1.5",true,"1.5","excluding",{"ecosystem":9,"name":851,"vendor":841,"product":852,"cpe_part":843,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":853},"Apache Tomcat","apache tomcat",[854,857,861,865],{"version":855,"is_range":481,"range_type":492,"version_start":855,"version_start_type":856,"version_end":855,"version_end_type":856,"fixed_in":9},"11.0.0-M1","including",{"version":858,"is_range":847,"range_type":492,"version_start":859,"version_start_type":856,"version_end":860,"version_end_type":856,"fixed_in":9},">= 10.0.0-M1, \u003C= 10.1.4","10.0.0-M1","10.1.4",{"version":862,"is_range":847,"range_type":492,"version_start":863,"version_start_type":856,"version_end":864,"version_end_type":856,"fixed_in":9},">= 9.0.0-M1, \u003C= 9.0.70","9.0.0-M1","9.0.70",{"version":866,"is_range":847,"range_type":492,"version_start":867,"version_start_type":856,"version_end":868,"version_end_type":856,"fixed_in":9},">= 8.5.0, \u003C= 8.5.84","8.5.0","8.5.84",{"ecosystem":9,"name":870,"vendor":871,"product":872,"cpe_part":843,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":873},"commons fileupload","apache","commons_fileupload",[874,878],{"version":875,"is_range":847,"range_type":876,"version_start":877,"version_start_type":856,"version_end":848,"version_end_type":849,"fixed_in":9},"gte1.0_lt1.5","cpe","1.0",{"version":879,"is_range":481,"range_type":876,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0:beta",{"ecosystem":9,"name":881,"vendor":882,"product":883,"cpe_part":884,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":885},"debian linux","debian","debian_linux","o",[886,888],{"version":887,"is_range":481,"range_type":876,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":889,"is_range":481,"range_type":876,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":891,"name":892,"vendor":893,"product":893,"cpe_part":9,"purl_type":894,"purl_namespace":893,"purl_name":893,"source":9,"versions":895},"Maven","commons-fileupload:commons-fileupload","commons-fileupload","maven",[896],{"version":897,"is_range":847,"range_type":898,"version_start":9,"version_start_type":9,"version_end":848,"version_end_type":849,"fixed_in":9},"lt1_5","ecosystem",{"ecosystem":891,"name":900,"vendor":901,"product":902,"cpe_part":9,"purl_type":894,"purl_namespace":901,"purl_name":902,"source":9,"versions":903},"org.apache.tomcat:tomcat-coyote","org.apache.tomcat","tomcat-coyote",[904,908,912,916],{"version":905,"is_range":847,"range_type":898,"version_start":906,"version_start_type":856,"version_end":907,"version_end_type":849,"fixed_in":9},"gte10_1_0_M1_lt10_1_5","10.1.0-M1","10.1.5",{"version":909,"is_range":847,"range_type":898,"version_start":910,"version_start_type":856,"version_end":911,"version_end_type":849,"fixed_in":9},"gte11_0_0_M2_lt11_0_0_M5","11.0.0-M2","11.0.0-M5",{"version":913,"is_range":847,"range_type":898,"version_start":914,"version_start_type":856,"version_end":915,"version_end_type":849,"fixed_in":9},"gte8_5_85_lt8_5_88","8.5.85","8.5.88",{"version":917,"is_range":847,"range_type":898,"version_start":863,"version_start_type":856,"version_end":918,"version_end_type":849,"fixed_in":9},"gte9_0_0_M1_lt9_0_71","9.0.71",{"ecosystem":891,"name":920,"vendor":921,"product":922,"cpe_part":9,"purl_type":894,"purl_namespace":921,"purl_name":922,"source":9,"versions":923},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[924,925,926,927],{"version":905,"is_range":847,"range_type":898,"version_start":906,"version_start_type":856,"version_end":907,"version_end_type":849,"fixed_in":9},{"version":909,"is_range":847,"range_type":898,"version_start":910,"version_start_type":856,"version_end":911,"version_end_type":849,"fixed_in":9},{"version":913,"is_range":847,"range_type":898,"version_start":914,"version_start_type":856,"version_end":915,"version_end_type":849,"fixed_in":9},{"version":917,"is_range":847,"range_type":898,"version_start":863,"version_start_type":856,"version_end":918,"version_end_type":849,"fixed_in":9}]