Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 14 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat amq Streams |
|
CPEs | cpe:/a:redhat:amq_streams:2 | |
Vendors & Products |
Redhat
Redhat amq Streams |
Fri, 04 Oct 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Thu, 03 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 03 Oct 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | |
Title | Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader | |
Weaknesses | CWE-400 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-10-03T11:32:48.936Z
Updated: 2024-12-04T15:03:37.949Z
Reserved: 2024-09-26T16:12:46.116Z
Link: CVE-2024-47554
Vulnrichment
Updated: 2024-10-03T18:03:28.321Z
NVD
Status : Awaiting Analysis
Published: 2024-10-03T12:15:02.613
Modified: 2024-12-04T15:15:11.940
Link: CVE-2024-47554
Redhat