Vulnerability	Vulnerable Version
M Uncontrolled Resource Consumption ('Resource Exhaustion') commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the `XmlStreamReader` class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade `commons-io:commons-io` to version 2.14.0 or higher.	[2.0,2.14.0)
M Directory Traversal commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Affected versions of this package are vulnerable to Directory Traversal via calling the method FileNameUtils.normalize using an improper string like `//../foo` or `\\..\foo`, which may allow access to files in the parent directory. How to fix Directory Traversal? Upgrade `commons-io:commons-io` to version 2.7 or higher.	[0,2.7)

Uncontrolled Resource Consumption ('Resource Exhaustion')

commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the XmlStreamReader class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.

How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

Upgrade commons-io:commons-io to version 2.14.0 or higher.

[2.0,2.14.0)

Directory Traversal

commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Affected versions of this package are vulnerable to Directory Traversal via calling the method FileNameUtils.normalize using an improper string like //../foo or \\..\foo, which may allow access to files in the parent directory.

How to fix Directory Traversal?

Upgrade commons-io:commons-io to version 2.7 or higher.

[0,2.7)

Go back to all versions of this package