Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/commons-configuration2@0?distro=trixie
purl pkg:deb/debian/commons-configuration2@0?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-7dj3-fgbe-mkh1 Apache Commons Configuration Uncontrolled Resource Consumption Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenarios where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration. CVE-2025-46392
GHSA-pvp8-3xj6-8c6x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-02T00:07:06.814817+00:00 Debian Importer Fixing VCID-7dj3-fgbe-mkh1 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-04-16T09:40:14.964579+00:00 Debian Importer Fixing VCID-7dj3-fgbe-mkh1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-11T18:26:04.702700+00:00 Debian Importer Fixing VCID-7dj3-fgbe-mkh1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-02T17:05:32.936909+00:00 Debian Importer Fixing VCID-7dj3-fgbe-mkh1 https://security-tracker.debian.org/tracker/data/json 38.1.0