CVE-2024-47554

CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Vendor: Apache Software Foundation
Product: Apache Commons IO
Weakness: CWE-400
Published: October 3, 2024
Last update: January 31, 2025

What the vulnerability does

Description

An Uncontrolled Resource Consumption vulnerability exists in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may consume excessive CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO versions from 2.0 up to, but not including, 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Key dates

Disclosure timeline

October 3, 2024: CVE published
January 31, 2025: Record updated