Remediation:
Upgrade to commons-io:commons-io@2.14.0.
Overview
commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the XmlStreamReader class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.
Remediation
Upgrade commons-io:commons-io to version 2.14.0 or higher.