PT-2024-2438 · Atlassian+3 · Confluence+3
Bob Marinier · Published 2024-03-13 · Updated 2026-05-18
CVE-2024-29131
CVSS v2.0 score: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache Commons Configuration versions 2.0 through 2.10.0
Atlassian Confluence Data Center versions 7.17.0 through 8.9.0
Atlassian Confluence Server versions 7.17.0 through 8.5.8
Description
The issue is an out-of-bounds write vulnerability in the Apache Commons Configuration library, specifically in the AbstractListDelimiterHandler.flattenIterator() function. A remote attacker can exploit this vulnerability to execute arbitrary code using specially crafted data. The vulnerability can cause a stack overflow, leading to a denial of service condition.
Recommendations
Apache Commons Configuration versions 2.0 through 2.10.0: Upgrade to version 2.10.1.
Atlassian Confluence Data Center versions 7.17.0 through 8.9.0: Upgrade to version 8.9.1 or the latest version.
Atlassian Confluence Data Center versions 8.5.0 through 8.5.8: Upgrade to version 8.5.9 LTS or 8.9.1.
Atlassian Confluence Server versions 7.17.0 through 8.5.8: Upgrade to version 8.5.9 LTS or the latest version.
Atlassian Confluence Data Center and Server versions prior to 7.17.0: Upgrade to version 8.9.1, 8.5.9 LTS, or 7.19.23 LTS.
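The description above attributes the denial of service to a stack overflow in AbstractListDelimiterHandler.flattenIterator() on crafted data. The following Python block is an added illustration of that class of failure, not code from this advisory, from Apache Commons Configuration or from Atlassian: it models the problem as a recursive flattener that follows nested iterables without bound, and places it beside a depth-limited variant that rejects over-nested input with an ordinary error instead of exhausting the call stack. Every name in it (flatten_unbounded, flatten_bounded, probe, MAX_DEPTH) and both hostile inputs are constructed for the example; the depth limit is one general mitigation pattern and is not presented as the upstream fix.

```python
# Added example (not the advisory's or the library's code): a Python model of
# unbounded recursion over nested iterables, next to a depth-limited version.
# All names, the MAX_DEPTH value and the sample inputs are assumptions.
from typing import Any, List


def flatten_unbounded(value: Any) -> List[Any]:
    """Descend into every nested list/tuple with no depth limit.

    A self-referencing or very deeply nested value recurses until the call
    stack is exhausted: RecursionError here, StackOverflowError on the JVM.
    """
    if not isinstance(value, (list, tuple)):
        return [value]
    out: List[Any] = []
    for item in value:
        out.extend(flatten_unbounded(item))
    return out


MAX_DEPTH = 32  # assumed bound for this example; size it for real config data


def flatten_bounded(value: Any, max_depth: int = MAX_DEPTH, _depth: int = 0) -> List[Any]:
    """Same flattening, but refuse input nested deeper than max_depth.

    Failing with a clear ValueError keeps a crafted value from becoming an
    uncaught stack overflow that takes down the whole process.
    """
    if not isinstance(value, (list, tuple)):
        return [value]
    if _depth >= max_depth:
        raise ValueError(f"nesting deeper than {max_depth} levels")
    out: List[Any] = []
    for item in value:
        out.extend(flatten_bounded(item, max_depth, _depth + 1))
    return out


def probe(flatten, value: Any) -> str:
    """Run a flattener on a value and classify the outcome."""
    try:
        flatten(value)
        return "ok"
    except RecursionError:
        return "stack-exhausted"
    except ValueError:
        return "rejected"


def self_referencing_list() -> list:
    """Constructed hostile input: a list whose only element is itself."""
    cyc: list = []
    cyc.append(cyc)
    return cyc


def deeply_nested(levels: int) -> Any:
    """Constructed input: a single leaf wrapped in `levels` nested lists."""
    value: Any = "leaf"
    for _ in range(levels):
        value = [value]
    return value


if __name__ == "__main__":
    benign = ["a", ["b", ("c", ["d"])], "e"]
    print(flatten_unbounded(benign), flatten_bounded(benign))
    print(probe(flatten_unbounded, self_referencing_list()))  # stack-exhausted
    print(probe(flatten_bounded, self_referencing_list()))    # rejected
    print(probe(flatten_unbounded, deeply_nested(5000)))      # stack-exhausted
    print(probe(flatten_bounded, deeply_nested(5000)))        # rejected
```

Both flatteners agree on ordinary nested data; they differ only on the two constructed hostile inputs, where the unbounded version exhausts the interpreter's recursion budget and the bounded version stops at MAX_DEPTH with a catchable error. The same bound applies to any recursive traversal of attacker-influenced structure, which is why a depth or size limit is the usual defensive check for this failure mode.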
Fix
DoS
Resource Exhaustion
Memory Corruption
Related Identifiers
Affected Products
Apache Commons Configuration
Confluence
Debian
Suse