Bob Marinier

**Name of the Vulnerable Software and Affected Versions** Apache Commons Configuration versions 2.0 through 2.10.0 Atlassian Confluence Data Center versions 7.17.0 through 8.9.0 Atlassian Confluence Server versions 7.17.0 through 8.5.8 **Description** The issue is related to an out-of-bounds write vulnerability in the Apache Commons Configuration library, specifically in the `AbstractListDelimiterHandler.flattenIterator()` function. This vulnerability can be exploited by a remote attacker to execute arbitrary code using specially crafted data. The vulnerability can cause a stack overflow, leading to a denial of service condition. **Recommendations** Apache Commons Configuration versions 2.0 through 2.10.0: Upgrade to version 2.10.1. Atlassian Confluence Data Center versions 7.17.0 through 8.9.0: Upgrade to version 8.9.1 or the latest version. Atlassian Confluence Data Center versions 8.5.0 through 8.5.8: Upgrade to version 8.5.9 LTS or 8.9.1. Atlassian Confluence Server versions 7.17.0 through 8.5.8: Upgrade to version 8.5.9 LTS or the latest version. Atlassian Confluence Data Center and Server versions prior to 7.17.0: Upgrade to version 8.9.1, 8.5.9 LTS, or 7.19.23 LTS.