org.apache.commons:commons-configuration2@2.8.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.commons:commons-configuration2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Out-of-Bounds Write

org.apache.commons:commons-configuration2 is a group of tools to assist in the reading of configuration/preferences files in various formats.

Affected versions of this package are vulnerable to Out-of-Bounds Write due to the improper handling of certain configurations in the AbstractListDelimiterHandler.flattenIterator method. An attacker can trigger a stack overflow by submitting a crafted configuration file or input, leading to a denial of service condition.

How to fix Out-of-Bounds Write?

Upgrade org.apache.commons:commons-configuration2 to version 2.10.1 or higher.

[2.0.0,2.10.1)
  • H
Out-of-Bounds Write

org.apache.commons:commons-configuration2 is a group of tools to assist in the reading of configuration/preferences files in various formats.

Affected versions of this package are vulnerable to Out-of-Bounds Write due to the improper handling of a cyclical object tree when calling the ListDelimiterHandler.flatten method. An attacker can trigger a StackOverflowError and potentially cause a denial of service condition by submitting a specially crafted configuration object.

How to fix Out-of-Bounds Write?

Upgrade org.apache.commons:commons-configuration2 to version 2.10.1 or higher.

[2.0.0,2.10.1)