What is the severity of GHSA-pvp8-3xj6-8c6x?

The severity of GHSA-pvp8-3xj6-8c6x is classified as high due to the potential for resource exhaustion.

How do I fix GHSA-pvp8-3xj6-8c6x?

To fix GHSA-pvp8-3xj6-8c6x, upgrade to Apache Commons Configuration 1.11 or later.

What are the main vulnerabilities associated with GHSA-pvp8-3xj6-8c6x?

GHSA-pvp8-3xj6-8c6x includes uncontrolled resource consumption issues that can lead to denial-of-service conditions.

What versions of Apache Commons Configuration are affected by GHSA-pvp8-3xj6-8c6x?

Apache Commons Configuration versions up to and including 1.10 are affected by GHSA-pvp8-3xj6-8c6x.

What is the impact of exploiting GHSA-pvp8-3xj6-8c6x?

Exploiting GHSA-pvp8-3xj6-8c6x can result in excessive resource consumption, leading to degraded system performance or crashes.

Vulnerability/
GHSA-pvp8-3xj6-8c6x

CWE

400

9/5/2025

GHSA-pvp8-3xj6-8c6x

First published: Fri May 09 2025(Updated: )

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenarios where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.

Affected Software	Affected Version	How to fix
maven/commons-configuration:commons-configuration	<=1.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of GHSA-pvp8-3xj6-8c6x?
The severity of GHSA-pvp8-3xj6-8c6x is classified as high due to the potential for resource exhaustion.
How do I fix GHSA-pvp8-3xj6-8c6x?
To fix GHSA-pvp8-3xj6-8c6x, upgrade to Apache Commons Configuration 1.11 or later.
What are the main vulnerabilities associated with GHSA-pvp8-3xj6-8c6x?
GHSA-pvp8-3xj6-8c6x includes uncontrolled resource consumption issues that can lead to denial-of-service conditions.
What versions of Apache Commons Configuration are affected by GHSA-pvp8-3xj6-8c6x?
Apache Commons Configuration versions up to and including 1.10 are affected by GHSA-pvp8-3xj6-8c6x.
What is the impact of exploiting GHSA-pvp8-3xj6-8c6x?
Exploiting GHSA-pvp8-3xj6-8c6x can result in excessive resource consumption, leading to degraded system performance or crashes.

collector/github-advisory-latest
source/GitHub
alias/GHSA-pvp8-3xj6-8c6x
alias/CVE-2025-46392
agent/software-canonical-lookup
agent/last-modified-date
agent/weakness
agent/references
agent/source
agent/tags
agent/type
agent/description
agent/first-publish-date
agent/softwarecombine
agent/event
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.