jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

Impact Potential Denial-of-Service when attacker sends deeply nested JSON if and only if service: 1. Reads deeply nested 1000s of levels JSON as JsonNode ObjectMapper.readTree 2. Writes out same or modifided node using JsonNode.toString which can consume significant amount of resources with...

Security Bulletin: StackOverflowError Denial-of-Service Vulnerability in Apache Commons Lang ClassUtils.getClass() Due to Uncontrolled Recursion affects watsonx.data

Summary Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very lo...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

EUVD-2010-4772

Malware in sbrugna...

EUVD-2019-0639

Malware in sbrugna...

Unity Linux 20.1070e Security Update: apache-commons-lang (UTSA-2025-986100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986100 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting withcommons-lang:commons-lang2.0 to 2.6, and, from...

EUVD-2022-7622

Malicious code in bioql PyPI...

EUVD-2025-11522

Malicious code in bioql PyPI...

EUVD-2023-1077

Malicious code in bioql PyPI...

EUVD-2024-0219

Malicious code in bioql PyPI...

EUVD-2025-21159

Malicious code in bioql PyPI...

EUVD-2022-1032

Malicious code in bioql PyPI...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

Important: Red Hat Security Advisory: pki-deps:10.6 security update

An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

AlmaLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (ALSA-2025:12280)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:12280 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 Tenable has extracted the preceding description block directly...

Amazon Linux 2023 : jackson-core (ALAS2023-2025-1127)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1127 advisory. jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deepl...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

[SECURITY] [DLA 4262-1] libcommons-lang-java security update

Debian LTS Advisory DLA-4262-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert August 01, 2025 https://wiki.debian.org/LTS Package : libcommons-lang-java Version : 2.6-9+deb11u1 CVE ID : CVE-2025-48924 Debian Bug : 1109126 A vulnerability has been discovered in...

Debian dla-4262 : libcommons-lang-java - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4262 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4262-1 [email protected] https://www.debian.org/lts/security/...