Description
jakarta-commons-fileupload received a security fix:
* A poison null byte flaw was found in the
implementation of the DiskFileItem class. A remote attacker
could able to supply a serialized instance of the
DiskFileItem class, which would be deserialized on a
server, could use this flaw to write arbitrary content to
any location on the server that is permitted by the user
running the application server process. (CVE-2013-2186)