Maven package
org.apache.commons/commons-configuration2
pkg:maven/org.apache.commons/commons-configuration2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29131 | — | >= 2.0, < 2.10.1 | 2.10.1 | Mar 21, 2024 | Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. | ||
| CVE-2024-29133 | — | >= 2.0, < 2.10.1 | 2.10.1 | Mar 21, 2024 | Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. | ||
| CVE-2022-33980 | — | >= 2.4, < 2.8.0 | 2.8.0 | Jul 6, 2022 | Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup | ||
| CVE-2020-1953 | — | >= 2.2, < 2.7 | 2.7 | Mar 13, 2020 | Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this libr |
- CVE-2024-29131Mar 21, 2024affected >= 2.0, < 2.10.1fixed 2.10.1
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
- CVE-2024-29133Mar 21, 2024affected >= 2.0, < 2.10.1fixed 2.10.1
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
- CVE-2022-33980Jul 6, 2022affected >= 2.4, < 2.8.0fixed 2.8.0
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup
- CVE-2020-1953Mar 13, 2020affected >= 2.2, < 2.7fixed 2.7
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this libr