CVE-2024-47554

{"id": "CVE-2024-47554", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-10-03T12:15:02.613", "references": [{"url": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/10/03/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250131-0010/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de consumo descontrolado de recursos en Apache Commons IO. La clase org.apache.commons.io.input.XmlStreamReader puede consumir recursos de CPU en exceso al procesar una entrada manipulada con fines malintencionados. Este problema afecta a Apache Commons IO: desde la versi\u00f3n 2.0 hasta la 2.14.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 2.14.0 o posterior, que soluciona el problema."}], "lastModified": "2025-01-31T15:15:13.520", "sourceIdentifier": "security@apache.org"}