CVE-2024-47554

moderate-risk

Published 2024-10-03

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (11)

Commons Io

Active Iq Unified Manager

Bluexp

E-Series Santricity Unified Manager

E-Series Santricity Web Services Proxy

Ontap Tools

Santricity Storage Plugin

Snapcenter

Affected Vendors

Apache Netapp

References (3)

Mailing List https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1

Mailing List http://www.openwall.com/lists/oss-security/2024/10/03/2

Third Party Advisory https://security.netapp.com/advisory/ntap-20250131-0010/

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate