WS-2014-0034 | Mend Vulnerability Database

Vulnerability DatabaseWS-2014-0034

WS-2014-0034

Published:May 14, 2026

Updated:May 14, 2026

The class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.

Affected Packages

bioconductor-rdavidwebservice (CONDA):

Affected version(s) >=1.20.0 <=1.28.0

Fix Suggestion:

Update to version no_fix

cromwell (CONDA):

Affected version(s) >=0.23 <0.26

Fix Suggestion:

Update to version 0.26

flapjack (CONDA):

Affected version(s) >=1.18.06.13 <=1.20.10.07

Fix Suggestion:

Update to version no_fix

existdb (CONDA):

Affected version(s) >=4.3.1 <=4.7.1

Fix Suggestion:

Update to version no_fix

appdynamics.azure.siteextension.java (NUGET):

Affected version(s) >=20.3.0 <20.6.0.1

Fix Suggestion:

Update to version 20.6.0.1

apace (NUGET):

Affected version(s) >=1.0.4 <=6.1.0.4

Fix Suggestion:

Update to version no_fix

ratku.framework.web (NUGET):

Affected version(s) >=1.2.0.517 <1.2.0.520

Fix Suggestion:

Update to version 1.2.0.520

vufind/vufind (PHP):

Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ul

Fix Suggestion:

Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ul

geek1992/tp5_rbac (PHP):

Affected version(s) >=1.0.2 <=1.0.11

Fix Suggestion:

Update to version no_fix

flash20/yii2-adminh-asset (PHP):

Affected version(s) >=dev-master <=0.0.3

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) >=dev-release-3.0 <v3.1

Fix Suggestion:

Update to version v3.1

ch4o5/x-tek_cmf (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

geek1992/tp5_rbac (PHP):

Affected version(s) >=dev-develop <1.0.0

Fix Suggestion:

Update to version 1.0.0

vufind/vufind (PHP):

Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretry

Fix Suggestion:

Update to version dev-legacy/mink-autoretry

tikiwiki/diagram (PHP):

Affected version(s) =v15.8.7 <v15.8.8

Fix Suggestion:

Update to version v15.8.8

dcrphp/core (PHP):

Affected version(s) =dev-master <1.0.1

Fix Suggestion:

Update to version 1.0.1

io/fe (PHP):

Affected version(s) =dev-master <v0.0.1

Fix Suggestion:

Update to version v0.0.1

tikiwiki/diagram (PHP):

Affected version(s) >=v14.1.3 <v14.2.8

Fix Suggestion:

Update to version v14.2.8

purepanel/dashboard-module (PHP):

Affected version(s) >=v1.0.0 <v1.1.2

Fix Suggestion:

Update to version v1.1.2

tikiwiki/diagram (PHP):

Affected version(s) >=v15.7.1 <v15.7.4

Fix Suggestion:

Update to version v15.7.4

tikiwiki/diagram (PHP):

Affected version(s) >=v13.9.9 <v13.10.5

Fix Suggestion:

Update to version v13.10.5

vufind/vufind (PHP):

Affected version(s) =dev-feature/foundation5 <dev-release-5.0

Fix Suggestion:

Update to version dev-release-5.0

tikiwiki/diagram (PHP):

Affected version(s) =v13.6.5 <v13.6.6

Fix Suggestion:

Update to version v13.6.6

eslider/solr (PHP):

Affected version(s) >=4.10.4 <=4.10.5

Fix Suggestion:

Update to version no_fix

xorti/mxgraph-editor (PHP):

Affected version(s) =dev-master <v3.9.8

Fix Suggestion:

Update to version v3.9.8

tikiwiki/diagram (PHP):

Affected version(s) >=v13.9.4 <v13.9.7

Fix Suggestion:

Update to version v13.9.7

xjryanse/admin (PHP):

Affected version(s) >=v0.0.181 <v0.1.15

Fix Suggestion:

Update to version v0.1.15

xjryanse/admin (PHP):

Affected version(s) =dev-main <v0.0.1

Fix Suggestion:

Update to version v0.0.1

dcrphp/core (PHP):

Affected version(s) >=1.0.7-alpha1 <1.0.7-alpha3

Fix Suggestion:

Update to version 1.0.7-alpha3

tikiwiki/diagram (PHP):

Affected version(s) >=v14.0.2 <v14.1.2

Fix Suggestion:

Update to version v14.1.2

lizetheb1920/high-chart (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

Related Resources (2)

https://github.com/apache/commons-fileupload/commit/5b4881d7f75f439326f54fa554a9ca7de6d60814

https://commons.apache.org/proper/commons-fileupload/changes-report.html

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE