{"id":"AZL-50031","summary":"CVE-2024-47554 affecting package apache-commons-io for versions less than 2.14.0-1","details":"Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.","modified":"2026-04-01T05:16:14.573251Z","published":"2024-10-03T12:15:02Z","upstream":["CVE-2024-47554"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47554"}],"affected":[{"package":{"name":"apache-commons-io","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/apache-commons-io"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.14.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50031.json"}}],"schema_version":"1.7.5"}