
1134 matches found

RedHat Linux
added 2025/09/11 3:16 p.m., 5 views

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

5.3 CVSS, 7.1 AI score, 0.02164 EPSS
Exploits 0, References 5

Debian CVE
added 2025/09/10 6:43 p.m., 5 views

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

6.2 CVSS, 5.3 AI score, 0.00144 EPSS
Exploits 0

CNNVD
added 2025/09/10 12:0 a.m., 1 views

libxml2 security vulnerability

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.9.14 and earlier, which stems from an uncontrolled recursion in XPath evaluation that could lead ...

6.2 CVSS, 4.6 AI score, 0.00144 EPSS
Exploits 0, References 1

Redos
added 2025/09/04 12:0 a.m., 3 views

ROS-20250904-06

A vulnerability in the Protobuf Pure-Python structured data serialization library is related to uncontrolled recursion when analyzing unreliable data containing an arbitrary number of recursive groups, recursive messages, or series of SGROUP tags. Exploitation of the vulnerability could allow an...

8.2 CVSS, 7.3 AI score, 0.00281 EPSS
Exploits 0

F5 Networks
added 2025/09/03 12:36 a.m., 11 views

K000154575: Apache Commons Lang vulnerability CVE-2025-48924

Security Advisory Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw...

5.3 CVSS, 6.2 AI score, 0.02164 EPSS
Exploits 0

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. CVE-2022-3222 Note that Nessus relies on the presence of the package as reported by th...

5.5 CVSS, 6.7 AI score, 0.00628 EPSS
Exploits 1, References 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-21232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. CVE-2018-21232 Note that Nessus relies on the presence of the package...

5.5 CVSS, 6.1 AI score, 0.01432 EPSS
Exploits 1, References 3

IBM Security Bulletins
added 2025/08/28 8:3 p.m., 4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Recursion vulnerability in Apache Commons [CVE-2025-48924]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Recursion vulnerability in Apache Commons Lang, caused by the methods ClassUtils.getClass(...) possibly throwing a StackOverflowError on very long inputs (CVE-2025-48924). Apache Commons is used in our speech service...

5.3 CVSS, 8.6 AI score, 0.02164 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/08/28 7:38 a.m., 3 views

Security Bulletin: Vulnerability commons-lang3 affects IBM Integrated Analytics System

Summary: The commons-lang3 library is used by IBM Integrated Analytics System for core utility functions. A vulnerability was identified in the ClassUtils.getClass(...) method, where uncontrolled recursion on very long inputs can trigger a StackOverflowError. As this error is often unhandled, it may...

5.3 CVSS, 6.7 AI score, 0.02164 EPSS
Exploits 0, Affected Software 1

Snyk
added 2025/08/25 3:41 p.m., 1 views

Uncontrolled Recursion

Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader component. An attacker can cause excessive resource consumption and crash the process by submitting deeply nested JSON files...

8.8 CVSS, 7 AI score, 0.0026 EPSS
Exploits 0, References 2

NVD
added 2025/08/25 3:15 p.m., 2 views

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

8.6 CVSS, 0.0026 EPSS
Exploits 0, References 2

OSV
added 2025/08/25 3:15 p.m., 1 views

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

8.6 CVSS, 6.9 AI score
Exploits 0, References 2

Cvelist
added 2025/08/25 3:3 p.m., 7 views

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

8.6 CVSS, 0.0026 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, ...

7.5 CVSS, 7.4 AI score, 0.02447 EPSS
Exploits 1, References 2

OSV
added 2025/08/22 11:36 a.m., 3 views

OESA-2025-2061 apache-commons-lang security update

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fixes: A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x. CWE is classifying the issue as...

5.3 CVSS, 6.3 AI score, 0.02164 EPSS
Exploits 0, References 2

IBM Security Bulletins
added 2025/08/18 10:33 a.m., 7 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)

Summary: There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

6.8 CVSS, 7.4 AI score, 0.02164 EPSS
Exploits 1, Affected Software 1

OpenVAS
added 2025/08/18 12:0 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2025:02818-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 7.5 AI score, 0.02164 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/08/18 12:0 a.m., 4 views

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2025-1149)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1149 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0...

5.3 CVSS, 6.3 AI score, 0.02164 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/08/16 12:0 a.m., 1 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-lang3 (SUSE-SU-2025:02818-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02818-1 advisory. - Update to version 3.18.0 - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead...

5.3 CVSS, 6.4 AI score, 0.02164 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/08/14 6:24 p.m., 5 views

CVE-2025-24302

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7 CVSS, 7.5 AI score, 0.00118 EPSS
Exploits 0, References 1