CVE-2024-29131

Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

Description

This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

6.5

Severity

Medium

Ecosystem

Java

Publish Date

March 21, 2024

Modified Date

February 3, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Versions