Skip to content

Commit 7f7a051

Browse files
committed
Document CVE-2024-47554 for version 2.0 before 2.14.0
1 parent 909dc0f commit 7f7a051

1 file changed

Lines changed: 28 additions & 27 deletions

File tree

src/site/xdoc/security.xml

Lines changed: 28 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,10 @@
11
<?xml version="1.0"?>
2-
<!--
3-
Licensed to the Apache Software Foundation (ASF) under one
4-
or more contributor license agreements. See the NOTICE file
5-
distributed with this work for additional information
6-
regarding copyright ownership. The ASF licenses this file
7-
to you under the Apache License, Version 2.0 (the
8-
"License"); you may not use this file except in compliance
9-
with the License. You may obtain a copy of the License at
10-
11-
https://www.apache.org/licenses/LICENSE-2.0
12-
13-
Unless required by applicable law or agreed to in writing,
14-
software distributed under the License is distributed on an
15-
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16-
KIND, either express or implied. See the License for the
17-
specific language governing permissions and limitations
18-
under the License.
19-
-->
20-
<document xmlns="http://maven.apache.org/XDOC/2.0"
21-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2+
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding
3+
copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may
4+
obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed
5+
on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the
6+
License. -->
7+
<document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
228
xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 https://maven.apache.org/xsd/xdoc-2.0.xsd">
239
<properties>
2410
<title>Apache Commons Security Reports</title>
@@ -28,24 +14,39 @@
2814
<section name="About Security">
2915
<p>
3016
For information about reporting or asking questions about security, please see
31-
<a href="https://commons.apache.org/security.html">Apache Commons Security</a>.
17+
<a href="https://commons.apache.org/security.html">Apache Commons Security</a>
18+
.
3219
</p>
33-
<p>This page lists all security vulnerabilities fixed in released versions of this component.
20+
<p>This page lists all security vulnerabilities fixed in released versions of this component.
3421
</p>
3522
<p>Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the component version
36-
that you are using.
23+
that you are using.
3724
</p>
3825
<p>
3926
If you need help on building this component or other help on following the instructions to mitigate the known vulnerabilities listed here, please send
40-
your questions to the public
41-
<a href="mail-lists.html">user mailing list</a>.
27+
your questions to the
28+
public
29+
<a href="mail-lists.html">user mailing list</a>
30+
.
4231
</p>
4332
<p>If you have encountered an unlisted security vulnerability or other unexpected behavior that has security impact, or if the descriptions here are
44-
incomplete, please report them privately to the Apache Security Team. Thank you.
33+
incomplete, please report
34+
them privately to the Apache Security Team. Thank you.
4535
</p>
4636
</section>
4737
<section name="Security Vulnerabilities">
48-
<p>None.</p>
38+
<subsection name="CVE-2024-47554">
39+
<ul>
40+
<li>CVE-2024-47554: Uncontrolled Resource Consumption vulnerability in Apache Commons IO.</li>
41+
<li>Severity: Low</li>
42+
<li>Vendor: The Apache Software Foundation</li>
43+
<li>Versions Affected: Apache Commons IO 2.0 before 2.14.0.</li>
44+
<li>Description: The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
45+
</li>
46+
<li>Mitigation: Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.</li>
47+
<li>Credit: CodeQL (tool).</li>
48+
</ul>
49+
</subsection>
4950
</section>
5051
</body>
5152
</document>

0 commit comments

Comments
 (0)