Vulnerability Description
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may consume excessive CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO versions from 2.0 up to, but not including, 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Commons IO | >= 2.0, < 2.14.0 |
| NetApp | Active IQ Unified Manager | - |
| NetApp | BlueXP | - |
| NetApp | E-Series SANtricity Unified Manager | - |
| NetApp | E-Series SANtricity Web Services Proxy | - |
| NetApp | ONTAP Tools | 9 |
| NetApp | SANtricity Storage Plugin | - |
| NetApp | SnapCenter | - |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2024/10/03/2 (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20250131-0010/ (Third Party Advisory)
FAQ
What is CVE-2024-47554?
CVE-2024-47554 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted i...
How severe is CVE-2024-47554?
CVE-2024-47554 has been rated MEDIUM with a CVSS base score of 4.3/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2024-47554?
Check the References section above for vendor advisories and patch information; for Apache Commons IO itself, the fix is to upgrade to version 2.14.0 or later. Affected products include: Apache Commons IO, NetApp Active IQ Unified Manager, NetApp BlueXP, NetApp E-Series SANtricity Unified Manager, NetApp E-Series SANtricity Web Services Proxy.