2992 matches found
K000152655: Apache Commons vulnerability CVE-2025-48734
Security Advisory Description Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this...
Oracle Primavera Unifier (July 2025 CPU)
The versions of Primavera Unifier installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platform Apache Commons BeanUtils. Supported versions that...
Oracle Application Testing Suite (July 2025 CPU)
The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache Commo...
K000152614: Apache Commons vulnerability CVE-2025-48976
Security Advisory Description Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to...
F5 Networks BIG-IP : Apache Commons vulnerability (K000152614)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.1 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000152614 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in...
apache-commons-lang3-3.18.0-1.1 on GA media (moderate)
apache-commons-lang3-3.18.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15347-1 Rating: moderate Cross-References: CVE-2025-48924 CVSS scores: CVE-2025-48924 SUSE : 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2025-48924 SUSE : 5.7...
OPENSUSE-SU-2025:15347-1 apache-commons-lang3-3.18.0-1.1 on GA media
These are all security issues fixed in the apache-commons-lang3-3.18.0-1.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Apache Commons FileUpload used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2025-48976))
Summary Apache Commons FileUpload used by IBM InforSphere Identity Insight provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request that used a large number of parts with large headers could trigger excessive memory usage...
Apache Commons Lang DoS Vulnerability (Jul 2025)
The Apache Commons Lang library is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
SUSE CVE-2025-48924
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation Upgrade org.apache.commons:commons-lang3 to version...
GHSA-J288-Q9X7-2F5V Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
CVE-2025-48924
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
AZL-65144 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
CVE-2025-48924
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...