CVE-2024-47554

Data: 2024-10-08

Severity: High

CVSS Score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Riferimenti:

• https://nvd.nist.gov/vuln/detail/CVE-2024-47554

• https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1

• https://ossindex.sonatype.org/vulnerability/CVE-2024-47554

Libreria: commons-io:commons-io < 2.14.0

Descrizione

CWE-400: Uncontrolled Resource Consumption (“Resource Exhaustion”)

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

GovWay

Versione affette: <= 3.3.15.p1

Risoluzione: 3.3.15.p2