Skip to main content

Commons Configuration

5 CVEs product

Monthly

CVE-2025-46392 Maven MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Java Denial Of Service Commons Configuration Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-29133 Maven MEDIUM PATCH This Month

Out-of-bounds Write vulnerability in Apache Commons Configuration.0 before 2.10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Commons Configuration Fedora
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2024-29131 Maven HIGH PATCH This Week

Out-of-bounds Write vulnerability in Apache Commons Configuration.0 before 2.10.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Commons Configuration Fedora +2
NVD
CVSS 3.1
7.3
EPSS
2.1%
CVE-2022-33980 Maven CRITICAL PATCH Act Now

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Commons Configuration Snapcenter Debian Linux
NVD
CVSS 3.1
9.8
EPSS
42.6%
CVE-2020-1953 Maven CRITICAL PATCH Act Now

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Commons Configuration Database Server Healthcare Foundation
NVD
CVSS 3.1
10.0
EPSS
6.7%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Java Denial Of Service +3
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds Write vulnerability in Apache Commons Configuration.0 before 2.10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +2
NVD
EPSS 2% CVSS 7.3
HIGH PATCH This Week

Out-of-bounds Write vulnerability in Apache Commons Configuration.0 before 2.10.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +4
NVD
EPSS 43% CVSS 9.8
CRITICAL PATCH Act Now

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Commons Configuration +2
NVD
EPSS 7% CVSS 10.0
CRITICAL PATCH Act Now

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Commons Configuration +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy