205 matches found
CVE-2024-29131
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...
CVE-2024-29133
CVE-2024-29133 describes an out-of-bounds write vulnerability in Apache Commons Configuration, affecting versions 2.0 up to 2.10.0 (and related entries indicate 2.0 through 2.10.1 as impacted). The issue is fixed in 2.10.1. Multiple connected sources corroborate the vulnerability class and the fi...
CVE-2024-29133 Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...
CVE-2024-29133
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...
Apache Commons Configuration 2.0.x < 2.10.1 Multiple Vulnerabilities
The Apache Commons Configuration library is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Apache Commons Configuration Buffer Error Vulnerability
Apache Commons Configuration is a common configuration interface from the Apache Foundation (United States), mainly used to enable Java applications to read configuration data from a variety of sources. An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...
PT-2024-2437 · Atlassian +3 · Confluence +3
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0; Confluence Data Center and Server versions prior to 8.9.1; Confluence Data Center versions 8.8.0 through 8.8.1; Confluence Data Center versions 8.7.0 through 8.7.2; Confluence Data Center...
PT-2024-2438 · Apache +3 · Apache Commons Configuration +3
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0; Atlassian Confluence Data Center versions 7.17.0 through 8.9.0; Atlassian Confluence Server versions 7.17.0 through 8.5.8. Description: The issue is related to an out-of-bounds write...
Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product...
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...
Arbitrary File Read
jenkins-2-plugins is vulnerable to Arbitrary File Read. The library does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons configuration library that enable the file: prefix interpolator by default, allowing attackers to configure pipelines to read...
K08006936: Apache Commons Configuration vulnerability CVE-2022-33980
Security Advisory Description: Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of...
SUSE CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
SUSE CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
[SECURITY] [DSA 5290-1] commons-configuration2 security update
Debian Security Advisory DSA-5290-1 [email protected] https://www.debian.org/security/ Markus Koschany November 28, 2022 https://www.debian.org/security/faq -...
Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]
Summary: Apache Commons Text and Apache Commons Configuration vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42889, CVE-2022-33980). Apache Commons Text and Apache Commons Configuration are used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...
Debian DSA-5290-1 : commons-configuration2 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is...