Описание
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | commons-io | Fix deferred | ||
| Cryostat 3 | commons-io | Fix deferred | ||
| Cryostat 4 | commons-io | Fix deferred | ||
| Red Hat AMQ Broker 7 | commons-io | Not affected | ||
| Red Hat AMQ Clients | commons-io | Fix deferred | ||
| Red Hat build of Apache Camel 4 for Quarkus 3 | quarkus-cxf-bom | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | commons-io | Fix deferred | ||
| Red Hat build of Apache Camel - HawtIO 4 | commons-io | Fix deferred | ||
| Red Hat build of Apicurio Registry 2 | commons-io | Fix deferred | ||
| Red Hat build of Apicurio Registry 3 | commons-io | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. ...
EPSS
4.3 Medium
CVSS3