|
1 | 1 | <?xml version="1.0"?> |
2 | | -<!-- |
3 | | - Licensed to the Apache Software Foundation (ASF) under one |
4 | | - or more contributor license agreements. See the NOTICE file |
5 | | - distributed with this work for additional information |
6 | | - regarding copyright ownership. The ASF licenses this file |
7 | | - to you under the Apache License, Version 2.0 (the |
8 | | - "License"); you may not use this file except in compliance |
9 | | - with the License. You may obtain a copy of the License at |
10 | | -
|
11 | | - https://www.apache.org/licenses/LICENSE-2.0 |
12 | | -
|
13 | | - Unless required by applicable law or agreed to in writing, |
14 | | - software distributed under the License is distributed on an |
15 | | - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
16 | | - KIND, either express or implied. See the License for the |
17 | | - specific language governing permissions and limitations |
18 | | - under the License. |
19 | | ---> |
20 | | -<document xmlns="http://maven.apache.org/XDOC/2.0" |
21 | | - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| 2 | +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding |
| 3 | + copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may |
| 4 | + obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed |
| 5 | + on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the |
| 6 | + License. --> |
| 7 | +<document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
22 | 8 | xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 https://maven.apache.org/xsd/xdoc-2.0.xsd"> |
23 | 9 | <properties> |
24 | 10 | <title>Apache Commons Security Reports</title> |
|
28 | 14 | <section name="About Security"> |
29 | 15 | <p> |
30 | 16 | For information about reporting or asking questions about security, please see |
31 | | - <a href="https://commons.apache.org/security.html">Apache Commons Security</a>. |
| 17 | + <a href="https://commons.apache.org/security.html">Apache Commons Security</a> |
| 18 | + . |
32 | 19 | </p> |
33 | | - <p>This page lists all security vulnerabilities fixed in released versions of this component. |
| 20 | + <p>This page lists all security vulnerabilities fixed in released versions of this component. |
34 | 21 | </p> |
35 | 22 | <p>Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the component version |
36 | | - that you are using. |
| 23 | + that you are using. |
37 | 24 | </p> |
38 | 25 | <p> |
39 | 26 | If you need help on building this component or other help on following the instructions to mitigate the known vulnerabilities listed here, please send |
40 | | - your questions to the public |
41 | | - <a href="mail-lists.html">user mailing list</a>. |
| 27 | + your questions to the |
| 28 | + public |
| 29 | + <a href="mail-lists.html">user mailing list</a> |
| 30 | + . |
42 | 31 | </p> |
43 | 32 | <p>If you have encountered an unlisted security vulnerability or other unexpected behavior that has security impact, or if the descriptions here are |
44 | | - incomplete, please report them privately to the Apache Security Team. Thank you. |
| 33 | + incomplete, please report |
| 34 | + them privately to the Apache Security Team. Thank you. |
45 | 35 | </p> |
46 | 36 | </section> |
47 | 37 | <section name="Security Vulnerabilities"> |
48 | | - <p>None.</p> |
| 38 | + <subsection name="CVE-2024-47554"> |
| 39 | + <ul> |
| 40 | + <li>CVE-2024-47554: Uncontrolled Resource Consumption vulnerability in Apache Commons IO.</li> |
| 41 | + <li>Severity: Low</li> |
| 42 | + <li>Vendor: The Apache Software Foundation</li> |
| 43 | + <li>Versions Affected: Apache Commons IO 2.0 before 2.14.0.</li> |
| 44 | + <li>Description: The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. |
| 45 | + </li> |
| 46 | + <li>Mitigation: Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.</li> |
| 47 | + <li>Credit: CodeQL (tool).</li> |
| 48 | + </ul> |
| 49 | + </subsection> |
49 | 50 | </section> |
50 | 51 | </body> |
51 | 52 | </document> |
0 commit comments