Severity: low Affected versions:
- Apache Commons Configuration (org.apache.commons:commons-configuration2) 2.2 before 2.15.0 Description: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0, which fixes the issue. Credit: Erichen, Institute of Computing Technology, Chinese Academy of Sciences (reporter) References: https://github.com/apache/commons-configuration/pull/634 https://commons.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-45205 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
