6 matches found
CVE-2022-33980
CVE-2022-33980 affects Apache Commons Configuration (versions 2.4 through 2.7). The vulnerability arises in the default interpolation lookups, where interpolation of the form ${prefix:name} can trigger lookups such as script, dns, and url. These lookups could enable arbitrary code execution or contact...
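The practical mitigation for the interpolation issue, besides upgrading to 2.8.0 (where these lookups are no longer registered by default), is to give the configuration builder an explicit allowlist of prefix lookups so that script, dns and url are never available. The following is an added example, not code from the page or from the Apache Commons Configuration project; the class name, the file name app.properties and the choice of allowed prefixes are assumptions, and the builder calls (setPrefixLookups replacing the default prefix map, getInterpolator().getLookups() exposing what is registered) reflect my understanding of the 2.x API and should be checked against the version in use.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.configuration2.PropertiesConfiguration;
import org.apache.commons.configuration2.builder.FileBasedConfigurationBuilder;
import org.apache.commons.configuration2.builder.fluent.Parameters;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.configuration2.interpolation.ConfigurationInterpolator;
import org.apache.commons.configuration2.interpolation.DefaultLookups;
import org.apache.commons.configuration2.interpolation.Lookup;

/**
 * Illustrative hardening for CVE-2022-33980 (added example, not project code):
 * load a properties file with an explicit allowlist of interpolation prefixes
 * so that ${script:...}, ${dns:...} and ${url:...} are never evaluated.
 */
public class RestrictedLookups {

    /** Prefixes this (hypothetical) application legitimately needs. */
    static Map<String, Lookup> allowedPrefixLookups() {
        Map<String, Lookup> lookups = new HashMap<>();
        for (DefaultLookups dl : new DefaultLookups[] {
                DefaultLookups.SYSTEM_PROPERTIES,   // ${sys:...}
                DefaultLookups.ENVIRONMENT,         // ${env:...}
                DefaultLookups.CONST }) {           // ${const:...}
            lookups.put(dl.getPrefix(), dl.getLookup());
        }
        return lookups;
    }

    /** Builds the configuration with only the allowlisted prefix lookups registered. */
    static PropertiesConfiguration load(String fileName) throws ConfigurationException {
        Parameters params = new Parameters();
        FileBasedConfigurationBuilder<PropertiesConfiguration> builder =
                new FileBasedConfigurationBuilder<>(PropertiesConfiguration.class)
                        .configure(params.properties()
                                .setFileName(fileName)
                                // Supplies the prefix map explicitly (assumption: this replaces
                                // the library defaults), so script/dns/url are absent.
                                .setPrefixLookups(allowedPrefixLookups()));
        return builder.getConfiguration();
    }

    /** Sanity check: fail fast if a dangerous prefix is still registered. */
    static void assertNoDangerousLookups(PropertiesConfiguration cfg) {
        ConfigurationInterpolator ci = cfg.getInterpolator();
        for (DefaultLookups dangerous : new DefaultLookups[] {
                DefaultLookups.SCRIPT, DefaultLookups.DNS, DefaultLookups.URL }) {
            if (ci.getLookups().containsKey(dangerous.getPrefix())) {
                throw new IllegalStateException(
                        "dangerous lookup still registered: " + dangerous.getPrefix());
            }
        }
    }

    public static void main(String[] args) throws ConfigurationException {
        // app.properties is an assumed file. A line such as
        //   greeting = ${script:javascript:1+1}
        // in it is left unresolved by the interpolator instead of being executed,
        // because no lookup is registered for the "script" prefix.
        PropertiesConfiguration cfg = load(args.length > 0 ? args[0] : "app.properties");
        assertNoDangerousLookups(cfg);
        System.out.println(cfg.getString("greeting"));
    }
}
```

The check in assertNoDangerousLookups is worth keeping in a startup self-test even after upgrading: it catches a later change that re-enables the lookups, for example a dependency that builds its own ConfigurationInterpolator, or a copy of the default prefix map that someone extends with DefaultLookups.SCRIPT.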
CVE-2024-29131
CVE-2024-29131 describes an out-of-bounds write in Apache Commons Configuration, affecting 2.x releases prior to 2.10.1. Fedora security advisories and OS update entries confirm 2.10.1 as the fixed version. The connected docs provide the fix version but do not include symptom details, exploitation ...
CVE-2024-29133
CVE-2024-29133 describes an out-of-bounds write vulnerability in Apache Commons Configuration, affecting versions 2.0 up to and including 2.10.0 (related entries phrase the range as 2.0 before 2.10.1, which is the same set of releases). The issue is fixed in 2.10.1. Multiple connected sources corroborate the vulnerability class and the fi...
CVE-2020-1953
CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...
CVE-2025-46392
CVE-2025-46392 describes an Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. The issue arises when loading untrusted configurations or using unusual usage patterns, leading to excessive resource use. The provided documents indicate that the Apache Commons Confi...
CVE-2026-45205
CVE-2026-45205 describes an uncontrolled recursion (StackOverflowError) in Apache Commons Configuration when processing untrusted YAML configuration files with cycles. Affected versions are 2.2 prior to 2.15.0; the advisory recommends upgrading to 2.15.0 to fix the issue. Public disclosures acros...