Overview
About vulnerability
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO versions from 2.0 up to, but not including, 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Details
- Affected product:
- Apache CXF, Apache Commons, Apache Hadoop, Apache Hive, Apache Kafka, Apache Log4j, Apache Lucene, Apache Maven, Apache Solr, Apache Spark, Apache Struts, Apache Tapestry, Apache Velocity, Eclipse Jetty, Hibernate, Plexus, Spring, Wildfly, accumulo, activemq, agepredictor, avro, bookkeeper-common-allocator, camel, cocoon, creadur-rat, docker-java, docx4j, dozer, drill, dropwizard-metrics-hadoop-metrics2-reporter, elasticsearch, file-management, flume-ng-core, gradle, hapi-fhir, hbase, htmlunit, jackrabbit, james-mime4j, java-opensaml, jgroups-raft, jhighlight, jxls, karaf, kotlin, less4j, littleproxy, logging-flume, maven, narayana, neo4j-ogm, org.apache.karaf.features.core, org.ops4j.pax.url, pax-url-aether, poi, pulsar, pulsar-client-all, resteasy, shadow, swagger-parser, tika, webdrivermanager, wildfly, xchange, zookeeper
- Affected packages:
- hibernate-orm @ 5.5.9.Final (+4804 more)