Uncontrolled Resource Consumption Vulnerability in Apache Commons IO

CVE-2024-47554

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Commons Io
Vendor: CVE Published:; 3 October 2024

Summary

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Affected Version(s)

Apache Commons IO < 2.14.0

Timeline

Vulnerability published.
Oct 3, 2024
Vulnerability Reserved.
Sep 26, 2024

Collectors

NVD DatabaseMitre Database

Credit

CodeQL