Commit 19f2054

authored
CVE-2025-48924 Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs (#111)
1 parent 662d315 commit 19f2054

3 files changed

+6
-13
lines changed

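--- a/legal/THIRDPARTYREADME.txt
+++ b/legal/THIRDPARTYREADME.txt
@@ -59,13 +59,7 @@ Copyright: Copyright 2002-2013 The Apache Software Foundation
 Version: commons-io-2.4.jar
 Copyright: Copyright 2002-2012 The Apache Software Foundation
 
-Version: commons-lang-2.4.jar
-Copyright: Copyright 2001-2008 The Apache Software Foundation
-
-Version: commons-lang-2.6.jar
-Copyright: Copyright 2001-2011 The Apache Software Foundation
-
-Version: commons-lang3-3.4.jar
+Version: commons-lang3-3.18.jar
 Copyright: Copyright 2001-2013 The Apache Software Foundation
 
 Version: commons-beanutils-1.8.0.jar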

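--- a/openidm-zip/pom.xml
+++ b/openidm-zip/pom.xml
@@ -22,7 +22,7 @@
 ~ your own identifying information:
 ~ "Portions Copyrighted [year] [name of copyright owner]"
 ~
-~ Portions Copyrighted 2024 3A Systems LLC.
+~ Portions Copyrighted 2019-2025 3A Systems LLC.
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
@@ -658,9 +658,8 @@
 <version>3.2.2</version>
 </dependency>
 <dependency>
-<groupId>commons-lang</groupId>
-<artifactId>commons-lang</artifactId>
-<version>2.6</version>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-lang3</artifactId>
 </dependency>
 <!-- Test Dependencies -->
 <dependency>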
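Review bot: The new `commons-lang3` dependency in the second hunk carries no `<version>`, so the release that actually ships is decided by a `dependencyManagement` entry that is not visible in this section. Since the commit exists to clear CVE-2025-48924, the managed version should be confirmed to be the fixed line that legal/THIRDPARTYREADME.txt now names (commons-lang3-3.18), and a short comment such as `<!-- version is managed upstream; keep at or above the CVE-2025-48924 fix -->` above the `<groupId>` would stop a later downgrade going unnoticed. Removing the direct `commons-lang:commons-lang` 2.6 entry also does not by itself keep the 2.x jar off the classpath if another dependency pulls it in transitively; a `bannedDependencies` enforcer rule or a check of `mvn dependency:tree` would settle that. The enclosing `<dependencies>` block starts and ends outside the hunk.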

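--- a/openidm-zip/src/main/assembly/zip.xml
+++ b/openidm-zip/src/main/assembly/zip.xml
@@ -13,7 +13,7 @@
 information: "Portions Copyrighted [year] [name of copyright owner]".
 
 Copyright (c) 2011-2016 ForgeRock AS. All rights reserved.
-Portions Copyrighted 2019-2024 3A Systems LLC.
+Portions Copyrighted 2019-2025 3A Systems LLC.
 -->
 <assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -1278,7 +1278,7 @@
 <include>com.jcraft:jsch</include>
 <include>commons-beanutils:commons-beanutils</include>
 <include>commons-collections:commons-collections</include>
-<include>commons-lang:commons-lang</include>
+<include>org.apache.commons:commons-lang3</include>
 <include>net.sf.ezmorph:ezmorph</include>
 <include>org.codehaus.groovy.modules.http-builder:http-builder</include>
 <include>net.sf.json-lib:json-lib</include>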
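Review bot: The include list at line 1281 now names only `org.apache.commons:commons-lang3`, while its neighbours `net.sf.ezmorph:ezmorph` and `net.sf.json-lib:json-lib` are, as far as I know, compiled against the `org.apache.commons.lang` 2.x package, which commons-lang3 does not provide. Either those libraries lose classes they need at runtime, or a 2.x jar still reaches the distribution through another dependency set and the affected code keeps shipping; the hunk alone does not show which. Listing the assembled zip for any `commons-lang-2*.jar` and exercising the code paths that use json-lib would confirm it, and a one-line comment beside the include, e.g. `<!-- commons-lang 2.x removed for CVE-2025-48924; json-lib/ezmorph verified without it -->`, would record the outcome. The enclosing dependency set begins and ends outside the hunk.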
