14 matches found
Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec (important)
openSUSE security update: security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec. Announcement ID: openSUSE-SU-2026:20841-1 Rating:...
OPENSUSE-SU-2026:20841-1 Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec
This update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec fixes the following issues: Changes in apache-commons-lang3: Update to 3.20.0 New features: + Add SystemProperties.getPathString, Supplier + Add...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +2938 more potentially affected by CVE-2026-45205 via org.apache.commons:commons-configuration2 (>=2.0 <=2.14.0)
org.apache.commons:commons-configuration2 MAVEN version =2.0, =0.31.0, =0.1.9, =0.1.9, =0.1.9, =3.30.1.1, =3.10.0.5, =3.10.0.7, =0.2.3.5, =0.1.9, =1.2.3, =1.2.3, =3.0.0-ALPHA1, =2.0.0, =2.4.1 and more Source cves: CVE-2026-45205 Source advisory: SNYK:JAVA-ORGAPACHECOMMONS-16690473...
OPENSUSE-SU-2024:13259-1 apache-commons-configuration2-2.9.0-1.1 on GA media
These are all security issues fixed in the apache-commons-configuration2-2.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
SUSE: Security Advisory (SUSE-SU-2024:1365-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration2 (SUSE-SU-2024:1365-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1365-1 advisory. - Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache...
Debian: Security Advisory (DSA-5290-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update
A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
DSA-5290-1 commons-configuration2 - security update
Bulletin has no description...
PT-2022-37266 · Apache · Apache Commons Configuration2
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration2 affected versions not specified Description: The issue is related to a security exception in the java.util.Collections$UnmodifiableCollection.forEach method, which is called by...
Arbitrary Code Execution
commons-configuration2 is vulnerable to Arbitrary Code Execution. The vulnerability exists because the getDefaultPrefixLookups function of ConfigurationInterpolator.java does not properly disable the default interpolation prefix lookups such as dns, url, and script during variable interpolation,...
Arbitrary Code Execution
commons-configuration2 is vulnerable to arbitrary code execution. The package uses a third-party library that, by default, allows the instantiation of arbitrary classes to parse if the YAML contains special statements. This allows an attacker to execute arbitrary code on the host application if t...
Arbitrary Code Execution
commons-configuration2 is vulnerable to arbitrary code execution. The library allows instantiation of classes when parsing YAML files. This allows an attacker to execute arbitrary code via a malicious YAML file containing special statements that create arbitrary Java objects...