CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

2024-10-03 Thread Gary D. Gregory
Severity: low
Affected versions:
- Apache Commons IO 2.0 before 2.14.0
Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. Th

CVE-2024-29131: Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

2024-03-21 Thread Gary D. Gregory
Severity: low
Affected versions:
- Apache Commons Configuration 2.0 before 2.10.1
Description: Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which f

CVE-2024-29133: Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

2024-03-21 Thread Gary D. Gregory
Severity: low
Affected versions:
- Apache Commons Configuration 2.0 before 2.10.1
Description: Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which f

CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

2024-02-19 Thread Gary D. Gregory
Severity: moderate
Affected versions:
- Apache Commons Compress 1.21 before 1.26.0
Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to

CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

2024-02-19 Thread Gary D. Gregory
Severity: important
Affected versions:
- Apache Commons Compress 1.3 through 1.25.0
Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgra

CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file

2023-09-14 Thread Gary D. Gregory
Severity: moderate
Affected versions:
- Apache Commons Compress 1.22 before 1.24.0
Description: Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are

CVE-2021-37533: Apache Commons Net's FTP client trusts the host from PASV response by default

2022-12-03 Thread Gary D. Gregory
Severity: low
Description: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to l

CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing

2022-11-04 Thread Gary D. Gregory
Description: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllabl

CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

2022-10-13 Thread Gary D. Gregory
Severity: important
Description: Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLo