Apache Commons Configuration Uncontrolled Recursion Vulnerability in YAML Processing

Vulnerability

A vulnerability allowing uncontrolled recursion has been identified in Apache Commons Configuration versions 2.2 prior to 2.15.0. When processing untrusted YAML configuration files that contain cycles, the library recurses without bound, leading to a StackOverflowError. This issue arises from the library's inability to detect and manage processing cycles in the YAML input.
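The cycle the advisory describes is the kind a YAML anchor/alias pair can express (a node that refers back to one of its own ancestors), and a parser that materialises such a document hands the loader a self-referencing object graph. The following Java class is an added, hypothetical pre-load check; it is not code from Apache Commons Configuration and makes no use of its API. It assumes the YAML has already been parsed into plain `Map`/`List`/scalar objects (as SnakeYAML does) and walks that graph with an identity-based set of the containers on the current path, rejecting the document if a container is reached again while still on the path, or if nesting exceeds a caller-chosen bound. The class and method names are assumptions chosen for the example.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Hypothetical pre-load guard (not part of Apache Commons Configuration):
 * walk the object graph produced by a YAML parser and reject it if any
 * container is reachable from itself (a cycle) or if nesting is too deep.
 */
public final class YamlCycleGuard {

    private YamlCycleGuard() {}

    /** Thrown when the parsed YAML contains a cycle or nests beyond the bound. */
    public static final class UnsafeYamlException extends RuntimeException {
        public UnsafeYamlException(String msg) { super(msg); }
    }

    /**
     * Checks a parsed YAML object graph (Maps, Lists and scalars).
     * Identity comparison is used so that two structurally equal maps
     * are not mistaken for the same map object.
     */
    public static void checkNoCycles(Object root, int maxDepth) {
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        walk(root, onPath, 0, maxDepth, "$");
    }

    private static void walk(Object node, Set<Object> onPath, int depth, int maxDepth, String path) {
        if (!(node instanceof Map) && !(node instanceof List)) {
            return; // scalar: nothing to recurse into
        }
        if (depth > maxDepth) {
            throw new UnsafeYamlException("nesting deeper than " + maxDepth + " at " + path);
        }
        if (!onPath.add(node)) {
            // This container is already an ancestor of itself: a cycle.
            throw new UnsafeYamlException("cycle detected at " + path);
        }
        if (node instanceof Map) {
            for (Map.Entry<?, ?> e : ((Map<?, ?>) node).entrySet()) {
                walk(e.getValue(), onPath, depth + 1, maxDepth, path + "." + e.getKey());
            }
        } else {
            List<?> list = (List<?>) node;
            for (int i = 0; i < list.size(); i++) {
                walk(list.get(i), onPath, depth + 1, maxDepth, path + "[" + i + "]");
            }
        }
        // Leaving this container: a node shared by two branches (an alias used
        // twice without recursion) is legitimate and must not be reported.
        onPath.remove(node);
    }

    public static void main(String[] args) {
        // Constructed sample: the object graph a YAML parser would build for
        //   a: &x
        //     child: *x
        // i.e. a map whose "child" entry refers back to the map itself.
        Map<String, Object> self = new HashMap<>();
        self.put("child", self);
        Map<String, Object> cyclic = Map.of("a", self);
        try {
            checkNoCycles(cyclic, 64);
            System.out.println("unexpected: no cycle found");
        } catch (UnsafeYamlException ex) {
            System.out.println("rejected: " + ex.getMessage()); // rejected: cycle detected at $.a.child
        }

        // A shared but acyclic reference (same alias used under two keys) is accepted.
        Map<String, Object> shared = Map.of("port", 8080);
        Map<String, Object> ok = Map.of("db", shared, "cache", shared);
        checkNoCycles(ok, 64);
        System.out.println("accepted");
    }
}
```

The depth bound is there because a document that is acyclic but extremely deeply nested can exhaust the stack just as a cycle can; the guard therefore fails closed on both conditions before the configuration is handed to any recursive loader. The check is a stopgap for callers who cannot yet move off an affected version; the page's remediation, upgrading to 2.15.0 or later, remains the fix.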

Impact

Exploitation of this vulnerability causes a StackOverflowError, leading to a denial-of-service condition in which the application crashes or becomes unresponsive.

Remediation

Users are advised to upgrade to Apache Commons Configuration version 2.15.0 or later, which addresses this vulnerability.

Added: May 14, 2026, 12:19 PM
Updated: May 14, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 8.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.