CVE-2024-47554

Source
https://cve.org/CVERecord?id=CVE-2024-47554
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47554.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47554
Aliases
Downstream
Related
Published
2024-10-03T11:32:48.936Z
Modified
2026-07-08T06:35:17.534767328Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Details

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.

This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47554.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-400"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.0"
                },
                {
                    "fixed": "2.14.0"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "2.0"
                },
                {
                    "fixed": "2.14.0"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/apache/commons-io

Affected ranges

Type
GIT
Repo
https://github.com/apache/commons-io
Events
Database specific
{
    "cpe": "cpe:2.3:a:apache:commons_io:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "fixed": "2.14.0"
        }
    ],
    "source": "CPE_RANGE"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47554.json"