{"vulnerability": "CVE-2024-29131", "sightings": [{"uuid": "ef1a1af8-919a-435a-a4bf-2282aa722708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29131", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15711", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46392\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x.\n\nThere are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. \n\n\nUsers that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.\n\ud83d\udccf Published: 2025-05-09T09:34:38.854Z\n\ud83d\udccf Modified: 2025-05-09T09:34:38.854Z\n\ud83d\udd17 References:\n1. https://www.cve.org/CVERecord?id=CVE-2024-29131\n2. https://www.cve.org/CVERecord?id=CVE-2024-29133\n3. https://lists.apache.org/thread/y1pl0mn3opz6kwkm873zshjdxq3dwq5s", "creation_timestamp": "2025-05-09T10:25:06.000000Z"}, {"uuid": "7bad07f9-71db-41e6-9877-f38ce6bbc1f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29131", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4315", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29131\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'.\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\ud83d\udccf Published: 2024-03-21T09:31:14Z\n\ud83d\udccf Modified: 2025-02-13T19:05:12Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-29131\n2. https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554\n3. https://github.com/apache/commons-configuration\n4. https://issues.apache.org/jira/browse/CONFIGURATION-840\n5. https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37\n6. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7\n7. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS\n8. https://security.netapp.com/advisory/ntap-20241213-0001\n9. http://www.openwall.com/lists/oss-security/2024/03/20/4", "creation_timestamp": "2025-02-13T19:16:57.000000Z"}]}