Lucene search

5236 matches found

RedHat Linux
added 2025/09/22 9:48 p.m. | 4 views

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

CVSS 5.3 | AI score 7.1 | EPSS 0.00099
Exploits: 0 | References: 5

RedHat Linux
added 2025/09/22 9:48 p.m. | 8 views

Important: Red Hat Security Advisory: Streams for Apache Kafka 3.0.1 release and security update

Streams for Apache Kafka 3.0.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.2 | AI score 6.9 | EPSS 0.00099
Exploits: 1 | References: 3

OSV
added 2025/09/19 4:15 p.m. | 1 views

UBUNTU-CVE-2025-39843

In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS,...

CVSS 5.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 18

CVE
added 2025/09/18 4:4 p.m. | 17 views

CVE-2023-53428

CVE-2023-53428 affects the Linux kernel powercap subsystem, specifically the arm_scmi implementation. The issue arises when powercap zones are retrieved from platforms and registered in a hierarchical tree; the current recursive walk can cause kernel stack overflow for large trees. The fix replac...

CVSS 5.5 | AI score 6.3 | EPSS 0.00009
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/09/18 4:4 p.m. | 6 views

CVE-2023-53428 powercap: arm_scmi: Remove recursion while parsing zones

In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove recursion while parsing zones Powercap zones can be defined as arranged in a hierarchy of trees and when registering a zone with powercap_register_zone, the kernel powercap subsystem expects this to happen...

EPSS 0.00009
Exploits: 0 | References: 3

OSV
added 2025/09/16 5:4 p.m. | 1 views

SUSE-SU-2025:03239-1 Security update for expat

This update for expat fixes the following issues: expat was updated to version 2.7.1: - Bug fixes: - Restore event pointer behavior from Expat 2.6.4 that the fix to CVE-2024-8176 changed in 2.7.0; affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex -...

CVSS 7.5 | AI score 7.4 | EPSS 0.00803
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/16 12:12 a.m. | 7 views

CVE-2025-59364

The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVSS 5.3 | AI score 6.3 | EPSS 0.00009
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/16 12:0 a.m. | 0 views

EulerOS Virtualization 2.13.0 : expat (EulerOS-SA-2025-2157)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents...

CVSS 7.5 | AI score 6.8 | EPSS 0.00803
Exploits: 0 | References: 2

OSV
added 2025/09/15 2:15 p.m. | 0 views

DEBIAN-CVE-2023-53149

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4_writepages calls to avoid races with switching of journalled data flag or inode format. This lock can however cause a deadlock...

CVSS 5.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1

OSV
added 2025/09/15 2:15 p.m. | 0 views

UBUNTU-CVE-2023-53149

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid deadlock in fs reclaim with page writeback Ext4 has a filesystem wide lock protecting ext4_writepages calls to avoid races with switching of journalled data flag or inode format. This lock can however cause a deadlock...

CVSS 5.5 | AI score 6.3 | EPSS 0.00016
Exploits: 0 | References: 6

Github Security Blog
added 2025/09/15 12:30 a.m. | 6 views

Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Description: The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

CVSS 5.3 | AI score 6.7 | EPSS 0.00009
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2025/09/15 12:30 a.m. | 2 views

GHSA-QHWP-454G-2GV4 Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Description: The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

CVSS 6.9 | AI score 6.7 | EPSS 0.00009
Exploits: 0 | References: 6

OSV
added 2025/09/14 11:15 p.m. | 5 views

CVE-2025-59364

The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVSS 5.3 | AI score 6.4
Exploits: 0 | References: 3

NVD
added 2025/09/14 11:15 p.m. | 2 views

CVE-2025-59364

The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVSS 5.3 | EPSS 0.00009
Exploits: 0 | References: 3

Snyk
added 2025/09/14 10:42 p.m. | 3 views

Uncontrolled Recursion

Overview: express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting (XSS) attack. Affected versions of this package are vulnerable to Uncontrolled Recursion via the sanitize function in...

CVSS 6.9 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 2

CNNVD
added 2025/09/14 12:0 a.m. | 1 views

Express XSS Sanitizer security vulnerability

Express XSS Sanitizer is used by AhmedAdelFahim (Individual Developer) to clean up user input data in req.body, req.query, req.headers, and req.params to prevent cross-site scripting (XSS) attacks. A security vulnerability exists in Express XSS Sanitizer 2.0.0 and prior versions, which stems from an...

CVSS 5.3 | AI score 5.3 | EPSS 0.00009
Exploits: 0 | References: 4

Cvelist
added 2025/09/14 12:0 a.m. | 7 views

CVE-2025-59364

The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVSS 5.3 | EPSS 0.00009
Exploits: 0 | References: 3

CVE
added 2025/09/14 12:0 a.m. | 15 views

CVE-2025-59364

The CVE concerns the express-xss-sanitizer package for Node.js, where the sanitize function in lib/sanitize.js can recurse without depth limit when handling JSON request bodies, potentially enabling denial of service through stack exhaustion. Affected versions include up to 2.0.0; advisories indi...

CVSS 5.3 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/14 12:0 a.m. | 3 views

CVE-2025-59364

The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

CVSS 5.3 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/14 12:0 a.m. | 4 views

PT-2025-37434

Name of the Vulnerable Software and Affected Versions: express-xss-sanitizer versions through 2.0.0. Description: The express-xss-sanitizer package contains an unbounded recursion depth in the sanitize function located in lib/sanitize.js when processing a JSON request body. Recommendations: Update to...

CVSS 6.9 | AI score 6.5 | EPSS 0.00009
Exploits: 0 | References: 15