Uploaded image for project: 'AMQ Streams'
  1. AMQ Streams
  2. ENTMQST-6421

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • 2.8.0.GA
    • 2.7.0.GA
    • None
    • None

      commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

      Affected versions of this package are vulnerable to Uncontrolled Resource Consumption through the XmlStreamReader class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.

      https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-8161190

      https://www.cve.org/CVERecord?id=CVE-2024-47554

      https://access.redhat.com/security/cve/cve-2024-47554

       

              Unassigned Unassigned
              chfoley Christopher Foley
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: