org.apache.commons:commons-configuration2
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.commons:commons-configuration2page 1 of 1
- CVE-2020-1953CRITICALCVSS 10.0EG 10.0✓ Fixed in 2.72020-03-13
vulnerable: 2.2, 2.3, 2.4, 2.5, 2.6
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not…
- CVE-2022-33980CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.8.02022-07-06
vulnerable: 2.4, 2.5, 2.6, 2.7
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apac…
- CVE-2024-29131HIGHCVSS 7.3EG 7.3✓ Fixed in 2.10.12024-03-21
vulnerable: 2.0 ... 2.9.0 (12 versions)
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
- CVE-2024-29133MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.10.12024-03-21
vulnerable: 2.0 ... 2.9.0 (12 versions)
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
- CVE-2026-45205MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.15.02026-05-14
vulnerable: 2.10.0 ... 2.9.0 (14 versions)
Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before …
Check whether org.apache.commons:commons-configuration2 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.commons:commons-configuration2 CVEs against the assets you own.
Start Free Scan →