Apache Software Foundation Commons Configuration 2.3

CPE Details

Apache Software Foundation Commons Configuration 2.3
apache
commons_configuration
2.3
2020-03-19
15h37 +00:00
2020-03-19
15h37 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

commons_configuration

Version

2.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-29131 2024-03-21 09h07 +00:00 Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
7.3
High
CVE-2024-29133 2024-03-21 09h05 +00:00 Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
5.4
Medium
CVE-2020-1953 2020-03-13 13h58 +00:00 Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.
10
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.