CVE-2024-47554
CVE-2024-47554 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. EPSS estimates a 1.25% chance of exploitation in the next 30 days.
Description
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Commons Io | >= 2.0, < 2.14.0 |
| Netapp | Active Iq Unified Manager | All versions |
| Netapp | Bluexp | All versions |
| Netapp | E-Series Santricity Unified Manager | All versions |
| Netapp | E-Series Santricity Web Services Proxy | All versions |
| Netapp | Ontap Tools | 9 |
| Netapp | Ontap Tools | 10 |
| Netapp | Santricity Storage Plugin | All versions |
| Netapp | Snapcenter | All versions |
References
- https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2024/10/03/2 (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20250131-0010/ (Third Party Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
