Products
Apache Commons IO
- 2.0 - 2.13.0
Source
security@apache.org
Tags
CVE-2024-47554 details
Published : Oct. 3, 2024, 12:15 p.m.
Last Modified : Oct. 3, 2024, 12:15 p.m.
Last Modified : Oct. 3, 2024, 12:15 p.m.
Description
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-400 | Uncontrolled Resource Consumption | The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. |
References
| URL | Source |
|---|---|
| https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 | security@apache.org |
This website uses the NVD API, but is not approved or certified by it.