VDB
DEBIAN-CVE-2024-47554
DEBIAN-CVE-2024-47554
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Risk Scores
CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | commons-io | 0, 0 |
| Debian:13 | commons-io | 0, 0 |
| Debian:12 | commons-io | 2.16.1-1, 2.17.0-1, 2.18.0-1 |
| Debian:11 | commons-io | 2.16.1-1, 0, 2.18.0-1 |
Timeline
- Oct 3, 2024 CVE Published
- Apr 28, 2026 CVE Updated