33 matches found
USN-8364-1: Apache Commons Lang vulnerability
It was discovered that Apache Commons Lang incorrectly handled recursion in the ClassUtils.getClass method. An attacker could possibly use this issue to cause Apache Commons Lang to crash, resulting in a denial of service...
Security Bulletin: StackOverflowError Denial-of-Service Vulnerability in Apache Commons Lang ClassUtils.getClass() Due to Uncontrolled Recursion affects watsonx.data
Summary Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very lo...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
ROS-20251216-7311
A vulnerability in the ClassUtils.getClass function of the Apache Commons Lang library for the Java programming language involves uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
MGASA-2025-0293 Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. CVE-2025-48924...
Updated apache-commons-lang3 & apache-commons-lang packages fix security vulnerability
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. CVE-2025-48924...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
K000154575: Apache Commons Lang vulnerability CVE-2025-48924
Security Advisory Description Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw...
[SECURITY] [DLA 4286-1] libcommons-lang3-java security update
Debian LTS Advisory DLA-4286-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert August 31, 2025 https://wiki.debian.org/LTS Package : libcommons-lang3-java Version : 3.11-1+deb11u1 CVE ID : CVE-2025-48924 Debian Bug : 1109125 A vulnerability has been discovered in...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
SUSE CVE-2025-48924
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation Upgrade org.apache.commons:commons-lang3 to version...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation There is no fixed version for commons-lang:commons-lang...
AZL-65144 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
DEBIAN-CVE-2025-48924
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...
Apache Commons Lang 安全漏洞
Apache Commons Lang is a tool library of the Apache USA Foundation. A security vulnerability exists in Apache Commons Lang versions 2.0 through 2.6 and 3.0 through versions prior to 3.18.0, which stems from the presence of infinite recursion in the ClassUtils.getClass method, which could lead to ...
SUSE CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...
GHSA-VRWC-QJMW-5RJM ClassLoader manipulation in Apache Struts
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...