Search for packages
| purl | pkg:maven/org.apache.commons/commons-configuration2@2.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7dw4-pssj-dqf8
Aliases: CVE-2024-29133 GHSA-9w38-p64v-xpmv |
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree. Users are recommended to upgrade to version 2.10.1, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-cy9f-u66u-6ben
Aliases: CVE-2020-1953 GHSA-7qx4-pp76-vrqh |
Remote code execution in Apache Commons Configuration Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. |
Affected by 3 other vulnerabilities. |
|
VCID-y9pv-wgb6-mfa7
Aliases: CVE-2024-29131 GHSA-xjp4-hw94-mvp5 |
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'. Users are recommended to upgrade to version 2.10.1, which fixes the issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||