Back to all
CVE

CVE-2024-47554

Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.

This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Endor Patches

Patch Name
Vulnerabilities fixed
Lines of Code Changed
com.thoughtworks.xstream:xstream
com.thoughtworks.xstream:xstream
com.thoughtworks.xstream:xstream