CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/10/03/2	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20250131-0010/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:commons_io:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:bluexp:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::
	cpe:2.3:a:netapp:ontap_tools:10:::::vmware_vsphere::
	cpe:2.3:a:netapp:santricity_storage_plugin:-:::::vcenter::
	cpe:2.3:a:netapp:snapcenter:-:::::::*

History

10 Jul 2025, 21:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::* cpe:2.3:a:netapp:ontap_tools:10:::::vmware_vsphere:: cpe:2.3:a:netapp:santricity_storage_plugin:-:::::vcenter:: cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere:: cpe:2.3:a:netapp:bluexp:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows:: cpe:2.3:a:apache:commons_io:::::::: cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::* cpe:2.3:a:netapp:snapcenter:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux:: cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
First Time		Netapp snapcenter Apache Netapp active Iq Unified Manager Netapp bluexp Netapp Apache commons Io Netapp santricity Storage Plugin Netapp e-series Santricity Web Services Proxy Netapp e-series Santricity Unified Manager Netapp ontap Tools
References	~~() https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 -~~	() https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2024/10/03/2 -~~	() http://www.openwall.com/lists/oss-security/2024/10/03/2 - Mailing List, Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20250131-0010/ -~~	() https://security.netapp.com/advisory/ntap-20250131-0010/ - Third Party Advisory

31 Jan 2025, 15:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20250131-0010/ -

Information

Published : 2024-10-03 12:15

Updated : 2025-07-10 21:10

NVD link : CVE-2024-47554

Mitre link : CVE-2024-47554

CVE.ORG link : CVE-2024-47554

JSON object : View

Products Affected

apache

commons_io

netapp

e-series_santricity_unified_manager
bluexp
snapcenter
ontap_tools
santricity_storage_plugin
active_iq_unified_manager
e-series_santricity_web_services_proxy

CWE

CWE-400

Uncontrolled Resource Consumption

4.3 /10