Overview
About vulnerability
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Details
- Affected product:
- Apache Commons, Apache Hadoop, Apache Hive, Apache Lucene, Apache Maven, Apache Spark, Apache Struts, Apache Tapestry, Apache Velocity, Eclipse Jetty, Hibernate, Spring, Wildfly, accumulo, activemq, agepredictor, avro, bookkeeper-common-allocator, cocoon, creadur-rat, cxf, dropwizard-metrics-hadoop-metrics2-reporter, elasticsearch, file-management, flume-ng-core, gradle, hbase, htmlunit, jackrabbit, james-mime4j, java-opensaml, jhighlight, karaf, kotlin, less4j, littleproxy, logging-flume, lucene, maven, narayana, org.apache.karaf.features.core, org.ops4j.pax.url, pax-url-aether, poi, pulsar, pulsar-client-all, resteasy, shadow, solr, tika, webdrivermanager, wildfly
- Affected packages:
- spark-repl_2.12 @ 3.4.4 (+2886 more)
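Because Commons IO usually arrives as a transitive dependency of the products listed above, the affected range (2.0 up to, but not including, 2.14.0) is best checked against a resolved dependency tree. The following is an added example, not part of the original advisory: it assumes `mvn dependency:tree` text output and the Maven coordinate `commons-io:commons-io`, and the sample tree is constructed for illustration.

```python
import re

# Affected range stated in the advisory: 2.0 <= version < 2.14.0
FIRST_AFFECTED = (2, 0, 0)
FIRST_FIXED = (2, 14, 0)

# Constructed sample of `mvn dependency:tree` output (not from a real project).
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- commons-io:commons-io:jar:2.5:compile
[INFO] +- org.example:legacy:jar:3.1:compile
[INFO] |  \- commons-io:commons-io:jar:2.13.0:runtime
[INFO] +- commons-io:commons-io:jar:2.14.0:test
[INFO] \- commons-io:commons-io:jar:1.4:compile
"""

def parse_version(text):
    """Return a 3-part numeric tuple, or None if the text has no leading number.

    Assumption: qualifiers such as -SNAPSHOT are ignored, so a pre-release
    compares equal to the release it precedes.
    """
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return (parts + (0, 0, 0))[:3]

def is_affected(version):
    """Numeric comparison: as plain strings, "2.5" would sort after "2.14.0"."""
    v = parse_version(version)
    return v is not None and FIRST_AFFECTED <= v < FIRST_FIXED

def affected_versions(tree_output):
    """List the commons-io versions in the tree that fall in the affected range."""
    hits = []
    for line in tree_output.splitlines():
        m = re.search(r"commons-io:commons-io:\S+", line)
        if not m:
            continue
        # Layout: groupId:artifactId:type[:classifier]:version:scope
        fields = m.group().split(":")
        if len(fields) >= 5 and is_affected(fields[-2]):
            hits.append(fields[-2])
    return hits

if __name__ == "__main__":
    for version in affected_versions(SAMPLE_TREE):
        print(f"commons-io {version} is in the affected range; upgrade to 2.14.0 or later")
```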