Apache Commons Collections Uncontrolled Recursion Vulnerability Cx78f40514-81ff

Issue date: 21-09-2022
Affects versions: 15.1, 14.7, 13.4

Security Issue ID

SECURITY-365


Affected Product Version(s)

15.1.0, 14.7.8, 13.4.18, and all previous versions


Severity

Medium


Description

Cx78f40514-81ff

Apache Commons Collections before 4.3 is vulnerable to a stack overflow. The add() method in src/main/java/org/apache/commons/collections4/list/SetUniqueList.java throws a StackOverflowError when the list is passed as the argument to its own add() method.

The problem has been recognized and patched upstream; the fix is available in Apache Commons Collections version 4.3.0.
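To show the failure mode behind the description, the following added example (written for this page; it is not Apache Commons Collections code and the guard is not the upstream fix) re-creates the uniqueness-check pattern in plain Java: an add() that mutates the list before hashing the new element overflows the stack when handed itself, while the hardened add() rejects the self-reference before any hashCode() call can recurse.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;

// Constructed stand-in for the SetUniqueList pattern: an ArrayList backed by a
// HashSet that rejects duplicates. Not the Apache Commons Collections code.
public class SelfAddDemo {
    static class UniqueList<E> extends ArrayList<E> {
        private final Set<E> seen = new HashSet<>();
        // Vulnerable order: the list is mutated before the element is hashed.
        // If the element is this list, seen.add() calls List.hashCode(), which
        // walks the elements, meets the list itself and recurses until the
        // stack is exhausted (StackOverflowError).
        boolean addVulnerable(E element) {
            if (seen.contains(element)) {   // hashCode() is still safe here
                return false;
            }
            super.add(element);             // the list may now contain itself
            seen.add(element);              // hashCode() recurses without end
            return true;
        }
        // Hardened order: reject the self-reference outright and hash the
        // element before the list is mutated.
        @Override
        public boolean add(E element) {
            if (element == this) {
                throw new IllegalArgumentException("list cannot contain itself");
            }
            if (!seen.add(element)) {       // hashed before any mutation
                return false;
            }
            return super.add(element);
        }
    }
    public static void main(String[] args) {
        UniqueList<Object> list = new UniqueList<>();
        list.add("a");
        list.add("a");                      // duplicate, silently rejected
        try {
            list.add(list);                 // hardened path
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            list.addVulnerable(list);       // vulnerable path
        } catch (StackOverflowError e) {
            System.out.println("vulnerable path: StackOverflowError");
        }
    }
}
```

After the vulnerable call the list is its own element, so any later hashCode(), equals() or toString() on it recurses the same way; that is why the check belongs at the insertion point and not in the callers.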

Instructions

Currently there is no product release that fixes this vulnerability. Since the fix would cause backwards-compatibility issues that are worse than the potential vulnerability here, the plan is to fix it in the next major version.