CVE
GHSA-78wr-2p64-hpwj
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Package Versions Affected
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
4.3
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Related Resources
No items found.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-47554, https://github.com/apache/commons-io, https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1, https://security.netapp.com/advisory/ntap-20250131-0010, http://www.openwall.com/lists/oss-security/2024/10/03/2
Basic Information
Ecosystem
