Critical Vulnerability Information

CVE ID: CVE-2024-29133
Release Date: 2024-03-21
Update Date: 2024-05-01
CNA: Apache Software Foundation
Title: Apache Commons Configuration: StackOverflowError Calling ListDelimiterHandler.Flatten(Object, Int) With A Cyclic Object Tree

Description: An out-of-bounds write vulnerability exists in Apache Commons Configuration. This issue affects versions from 2.0 up to, but not including, 2.10.1. Users are advised to upgrade to version 2.10.1 to resolve this issue.

CVE Type: CWE-787: Out-of-bounds Write
Affected Versions: 2.0 to 2.10.1
Discoverer: Gary Gregory

Reference Links:
- https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrir8crbszh2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YSI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7I/
- http://www.openwall.com/lists/oss-security/2024/03/20/3