Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.commons/commons-configuration2@2.0
purl pkg:maven/org.apache.commons/commons-configuration2@2.0
Next non-vulnerable version 2.10.1
Latest non-vulnerable version 2.10.1
Risk 3.3
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-7dw4-pssj-dqf8
Aliases:
CVE-2024-29133
GHSA-9w38-p64v-xpmv
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
2.10.1
Affected by 0 other vulnerabilities.
VCID-y9pv-wgb6-mfa7
Aliases:
CVE-2024-29131
GHSA-xjp4-hw94-mvp5
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
2.10.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:54:19.766303+00:00 GitLab Importer Affected by VCID-y9pv-wgb6-mfa7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29131.yml 38.4.0
2026-04-16T22:54:16.597515+00:00 GitLab Importer Affected by VCID-7dw4-pssj-dqf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29133.yml 38.4.0
2026-04-12T00:12:46.968600+00:00 GitLab Importer Affected by VCID-y9pv-wgb6-mfa7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29131.yml 38.3.0
2026-04-12T00:12:43.636501+00:00 GitLab Importer Affected by VCID-7dw4-pssj-dqf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29133.yml 38.3.0
2026-04-03T00:19:05.605448+00:00 GitLab Importer Affected by VCID-y9pv-wgb6-mfa7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29131.yml 38.1.0
2026-04-03T00:19:02.352537+00:00 GitLab Importer Affected by VCID-7dw4-pssj-dqf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29133.yml 38.1.0
2026-04-01T16:04:53.460935+00:00 GHSA Importer Affected by VCID-y9pv-wgb6-mfa7 https://github.com/advisories/GHSA-xjp4-hw94-mvp5 38.0.0
2026-04-01T16:04:53.429620+00:00 GHSA Importer Affected by VCID-7dw4-pssj-dqf8 https://github.com/advisories/GHSA-9w38-p64v-xpmv 38.0.0
2026-04-01T12:52:40.082628+00:00 GitLab Importer Affected by VCID-y9pv-wgb6-mfa7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29131.yml 38.0.0
2026-04-01T12:52:40.024712+00:00 GitLab Importer Affected by VCID-7dw4-pssj-dqf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-configuration2/CVE-2024-29133.yml 38.0.0