CVE-2024-47554
published 2024-10-03CVE-2024-47554: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNINAL
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_io | >= 2.0 < 2.14.0 | 2.14.0 |
| apache_software_foundation | apache_commons_io | >= 2.0 < 2.14.0 | 2.14.0 |
| debian | commons-io | < commons-io 2.16.0-1 (forky) | commons-io 2.16.0-1 (forky) |
| msrc | azl3_apache-commons-io_2.14.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_javapackages-bootstrap_1.14.0-3_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_apache-commons-io_2.14.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_javapackages-bootstrap_1.5.0-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| netapp | ontap_tools | — | — |
| netapp | ontap_tools | — | — |
| ubuntu | commons-io | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
osv4.3MEDIUM