- CVE ID
- CVE-2024-29131
- CVE Description
- Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
- Published
- Mar 22, 2024
- CVSS Score & Severity
6.5Medium
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- EPSS Score
- 0.248%
- KEV Status
Not in KEV Catalog: No known exploits
- Vulnerable Methods
org/apache/commons/configuration/AbstractConfiguration.addProperty(Ljava/lang/String;Ljava/lang/Object;)VJVMVulnerable params: 1
org/apache/commons/configuration/BaseConfiguration.addProperty(Ljava/lang/String;Ljava/lang/Object;)VJVMVulnerable params: 1
org/apache/commons/configuration/PropertyConverter.flatten(Ljava/lang/Object;C)Ljava/util/Collection;JVMVulnerable params: 0
org/apache/commons/configuration2/convert/AbstractListDelimiterHandler.flatten(Ljava/lang/Object;I)Ljava/util/Collection;JVMVulnerable params: 0
org/apache/commons/configuration2/convert/ListDelimiterHandler.flatten(Ljava/lang/Object;I)Ljava/util/Collection;JVMVulnerable params: 0
- Source
- National Vulnerability Database