CVE-2024-47554
Severity
4.3 MEDIUM
EPSS
0.2%
top 61.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 3
Latest update: Jan 15
Description
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4
Affected Packages (4 packages)
Also affects: Ontap Tools 10, 9
Vulnerability Details (4)
OSV
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (2024-10-03)
CVEList
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (2024-10-03)
GHSA
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (2024-10-03)
Vendor Advisories (8)
Oracle
Oracle Fusion Middleware Risk Matrix: Console (Apache Commons IO) — CVE-2024-47554 (2026-01-15)
Oracle
Oracle Commerce Risk Matrix: Content Acquisition System (Apache Commons IO) — CVE-2024-47554 (2025-10-15)
Oracle
Oracle Communications Applications Risk Matrix: Install (Apache Commons IO) — CVE-2024-47554 (2025-07-15)
Oracle
Oracle TimesTen In-Memory Database Risk Matrix: EM TimesTen plug-in (Apache Commons IO) — CVE-2024-47554 (2025-04-15)
Oracle
Oracle Communications Applications Risk Matrix: Solution Designer (Apache Commons IO) — CVE-2024-47554 (2025-01-15)