View all vulnerabilities

CVE-2024-29133

Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree.Users are recommended to upgrade to version 2.10.1, which fixes the issue.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
6.4
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Versions
org.apache.commons:commons-configuration2 >= 2.0 < 2.10.1
Severity
Medium
Ecosystem
Publish Date
March 21, 2024
Modified Date
February 13, 2025