Vulnerability

CVE-2024-47554

 Report advisory or correction

CVSS Score 8.7 high

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-400

References

https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47554

[CVE-2024-47554] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Description

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

See commons-io/commons-io package information