VYPR

Commons Configuration

by Apache

Source repositories

CVEs (6)

  • CVE-2026-45205MedMay 14, 2026
    risk 0.27cvss 5.3epss 0.00

    Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to…

  • CVE-2022-33980Jul 6, 2022
    risk 0.07cvss epss 0.35

    Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup…

  • CVE-2025-46392May 9, 2025
    risk 0.00cvss epss 0.02

    Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache…

  • CVE-2024-29131Mar 21, 2024
    risk 0.00cvss epss 0.02

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-29133Mar 21, 2024
    risk 0.00cvss epss 0.02

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2020-1953Mar 13, 2020
    risk 0.00cvss epss 0.07

    Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this…