High severity7.3NVD Advisory· Published Mar 21, 2024· Updated Jun 17, 2026
CVE-2024-29131
CVE-2024-29131
Description
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.commons:commons-configuration2Maven | >= 2.0, < 2.10.1 | 2.10.1 |
Affected products
168- osv-coords167 versionspkg:apk/chainguard/cassandra-reaperpkg:apk/chainguard/cassandra-reaper-jre-bcfipspkg:apk/chainguard/celeborn-0.5pkg:apk/chainguard/celeborn-0.6pkg:apk/chainguard/druidpkg:apk/chainguard/hadoop-client-modulespkg:apk/chainguard/neo4jpkg:apk/chainguard/neo4j-oci-entrypointpkg:apk/chainguard/tezpkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-ai-functionspkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-duckdbpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exasolpkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-fakerpkg:apk/chainguard/trino-plugin-functions-pythonpkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-http-server-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kafka-event-listenerpkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-lakehousepkg:apk/chainguard/trino-plugin-ldap-group-providerpkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-lokipkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-opapkg:apk/chainguard/trino-plugin-openlineagepkg:apk/chainguard/trino-plugin-opensearchpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-phoenix5pkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-rangerpkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-snowflakepkg:apk/chainguard/trino-plugin-spooling-filesystempkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/chainguard/trino-plugin-verticapkg:apk/wolfi/cassandra-reaperpkg:apk/wolfi/celeborn-0.5pkg:apk/wolfi/celeborn-0.6pkg:apk/wolfi/druidpkg:apk/wolfi/neo4jpkg:apk/wolfi/neo4j-oci-entrypointpkg:apk/wolfi/tezpkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-ai-functionspkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-duckdbpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exasolpkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-fakerpkg:apk/wolfi/trino-plugin-functions-pythonpkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-http-server-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kafka-event-listenerpkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-lakehousepkg:apk/wolfi/trino-plugin-ldap-group-providerpkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-lokipkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-opapkg:apk/wolfi/trino-plugin-openlineagepkg:apk/wolfi/trino-plugin-opensearchpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-phoenix5pkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-rangerpkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-snowflakepkg:apk/wolfi/trino-plugin-spooling-filesystempkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:apk/wolfi/trino-plugin-verticapkg:maven/org.apache.commons/commons-configuration2pkg:rpm/opensuse/apache-commons-configuration2&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/apache-commons-configuration2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/apache-commons-configuration&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/apache-commons-configuration&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5
< 3.6.0-r0+ 166 more
- (no CPE)range: < 3.6.0-r0
- (no CPE)range: < 3.5.0-r2
- (no CPE)range: < 0.5.4-r26
- (no CPE)range: < 0.6.3-r7
- (no CPE)range: < 37.0.0-r14
- (no CPE)range: < 3.3.6-r2
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 0.10.4-r6
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 3.6.0-r0
- (no CPE)range: < 0.5.4-r26
- (no CPE)range: < 0.6.3-r7
- (no CPE)range: < 37.0.0-r14
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 0.10.4-r6
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: < 444-r1
- (no CPE)range: >= 2.0, < 2.10.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-1.1
- (no CPE)range: < 1.10-150200.3.11.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 2.10.1-150200.5.8.1
- (no CPE)range: < 1.10-150200.3.11.1
- Range: 2.0
Patches
Vulnerability mechanics
References
12- www.openwall.com/lists/oss-security/2024/03/20/4nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-xjp4-hw94-mvp5ghsaADVISORY
- lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37nvdMailing ListVendor AdvisoryWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2024-29131ghsaADVISORY
- security.netapp.com/advisory/ntap-20241213-0001/nvdThird Party Advisory
- github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554ghsaWEB
- issues.apache.org/jira/browse/CONFIGURATION-840ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YSghsaWEB
- security.netapp.com/advisory/ntap-20241213-0001ghsaWEB
News mentions
0No linked articles in our index yet.