Apache Commons Configuration versions prior to 2.10.1 contain two related vulnerabilities (CVE-2024-29131 and CVE-2024-29133) involving StackOverflowError exceptions triggered by recursive processing in AbstractListDelimiterHandler.flattenIterator() and ListDelimiterHandler.flatten(Object, int) when cyclical object trees are present. These flaws can cause application crashes due to unbounded recursion. The vulnerabilities have been addressed in version 2.10.1. Red Hat advisories confirm these issues and provide patches in their product updates.

Exploitation of these vulnerabilities can cause a denial of service by triggering a StackOverflowError, crashing the affected Java applications that use vulnerable versions of Apache Commons Configuration. There is no indication of code execution or data disclosure impacts in the provided information.

A fix is available in Apache Commons Configuration version 2.10.1. Users should upgrade to version 2.10.1 or later to remediate these vulnerabilities. Red Hat has issued security advisories with patches for their affected products. No additional mitigation steps are indicated by the vendor advisories.