CVE-2024-47554

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47554

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47554.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47554

Aliases

GHSA-78wr-2p64-hpwj

Related

Published

2024-10-03T12:15:02Z

Modified

2024-10-04T22:45:30.199026Z

Summary

[none]

Details

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.

This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

References

Affected packages

Debian:11 / commons-io

Package

Name: commons-io
Purl: pkg:deb/debian/commons-io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.0-1

2.11.0-1

2.11.0-2~bpo11+1

2.11.0-2

2.15.1-1

2.16.0-1

2.16.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / commons-io

Package

Name: commons-io
Purl: pkg:deb/debian/commons-io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.11.0-2

2.15.1-1

2.16.0-1

2.16.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / commons-io

Package

Name: commons-io
Purl: pkg:deb/debian/commons-io?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.0-1

Affected versions

2.*

2.11.0-2

2.15.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}