Apache Commons Collections Uncontrolled Recursion Vulnerability Cx78f40514-81ff
Issue date: 21-09-2022
Affects versions: 15.1, 14.7, 13.4
Security Issue ID
SECURITY-365
Affected Product Version(s)
15.1.0, 14.7.8, 13.4.18, and all previous versions
Severity
Medium
Description
The Apache Commons Collections library before version 4.3 is vulnerable to uncontrolled recursion that ends in a stack overflow. The add() method in src/main/java/org/apache/commons/collections4/list/SetUniqueList.java throws a StackOverflowError when it is called with the list itself as the element to add.
The problem has been recognized and patched upstream; the fix is available in Apache Commons Collections version 4.3.0.
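The following plain-Java guard is an added example, not part of this advisory and not Apache Commons Collections code. It illustrates the mitigation an application can apply in its own code while it still ships an affected library version: refuse to insert a list into itself, which is the self-referential condition the description names. The class and method names (SelfInsertionGuard, addChecked, addAllChecked) are hypothetical. The guard is written against java.util.List so it compiles without the library; java.util.AbstractList.hashCode() iterates the elements and calls hashCode() on each, so a list that contains itself recurses until the stack is exhausted, and the check prevents that state from arising.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

// Hypothetical helper (added example, not Apache Commons Collections code):
// rejects the self-referential insertion described in the advisory.
public final class SelfInsertionGuard {

    private SelfInsertionGuard() {
    }

    // Adds element to target unless element is target itself.
    public static <E> boolean addChecked(List<E> target, E element) {
        if (element == target) {
            throw new IllegalArgumentException("refusing to add a list to itself");
        }
        return target.add(element);
    }

    // Same check for bulk insertion, where the source could be the target.
    public static <E> boolean addAllChecked(List<E> target, Collection<? extends E> source) {
        if (source == target) {
            throw new IllegalArgumentException("refusing to add a list to itself");
        }
        return target.addAll(source);
    }

    public static void main(String[] args) {
        // Constructed sample data for the demonstration.
        List<Object> list = new ArrayList<>();
        addChecked(list, "alpha");
        addChecked(list, "beta");
        System.out.println("size after two adds: " + list.size());

        try {
            addChecked(list, list);
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        try {
            addAllChecked(list, list);
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        // Without the guard, list.add(list) would succeed and a later
        // list.hashCode() would recurse through AbstractList.hashCode()
        // until a StackOverflowError is thrown. With the guard in place
        // the list never contains itself, so hashCode() terminates.
        System.out.println("hashCode still terminates: " + list.hashCode());
    }
}
```

The guard compares references (==), not equals(), because the hazardous case is the identical object, and calling equals() on a list that already contains itself would itself recurse.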
Instructions
Currently there is no version of the product that fixes this vulnerability. Since the fix would cause backwards-compatibility issues that are worse than the potential vulnerability here, the plan is to fix it in the next major version.