Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

Upgrade commons-io:commons-io to version 2.14.0 or later. For example:

```
<dependency>
  <groupId>commons-io</groupId>
  <artifactId>commons-io</artifactId>
  <version>[2.14.0,)</version>
</dependency>

```


The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.

This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader #653

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader #653

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions