src/site/xdoc/security.xml
61 additions & 11 deletions
@@ -1,11 +1,9 @@
1
1
<?xml version="1.0"?>
2
-
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file
3
-
distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under
4
-
the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may
5
-
obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to
6
-
in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
7
-
ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under
8
-
the License. -->
2
+
<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding
3
+
copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may
4
+
obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed
5
+
on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the
6
+
License. -->
9
7
<document>
10
8
<properties>
11
9
<title>Apache Commons Lang Security Reports</title>
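Review bot: The license header on new lines 2-6 is only re-wrapped to a wider line length, with no wording change, so this hunk is formatting noise in a commit whose purpose is to add a security advisory. Consider dropping the re-wrap or moving it to a separate formatting commit, so that the advisory text is the only change reviewers and later blame readers have to look at.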
@@ -25,14 +23,66 @@
25
23
</p>
26
24
<p>
27
25
If you need help on building this component or other help on following the instructions to mitigate the known vulnerabilities listed here, please send
28
-
your questions to the public
29
-
<ahref="mail-lists.html">user mailing list</a>.
26
+
your questions to the
27
+
public
28
+
<ahref="mail-lists.html">user mailing list</a>
29
+
.
30
30
</p>
31
31
<p>
32
32
If you have encountered an unlisted security vulnerability or other unexpected behavior that has security impact, or if the descriptions here are
<sectionname="CVE-2025-48924 ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs">
39
+
<p>
40
+
ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs.
41
+
</p>
42
+
<p>
43
+
Affected versions:
44
+
</p>
45
+
<ul>
46
+
<li>Apache Commons Lang (commons-lang:commons-lang) 2.0 through 2.6</li>
47
+
<li>Apache Commons Lang (org.apache.commons:commons-lang3) 3.0 before 3.18.0</li>
48
+
</ul>
49
+
<p>
50
+
Uncontrolled Recursion vulnerability in Apache Commons Lang.
51
+
</p>
52
+
<p>
53
+
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
54
+
</p>
55
+
<p>
56
+
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a
57
+
StackOverflowError could cause an application to stop.
58
+
</p>
59
+
<p>
60
+
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
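Review bot: The remediation sentence on new line 60 names only version 3.18.0, but the affected list on new lines 46-47 also covers commons-lang:commons-lang 2.0 through 2.6, which is a different artifact from org.apache.commons:commons-lang3. State explicitly what 2.x users should do, for example that they need to migrate to commons-lang3 3.18.0 if that is the intended path. Two smaller points: the sentence "ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs" appears in the section name, on new line 40 and again on new lines 56-57, and the affected versions are given both as a list and as prose on new line 53, so one copy of each can go. On new lines 26-29 the full stop now sits on its own line after the closing </a>, which will render as "user mailing list ." with a stray space; keep the period directly after the closing tag.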