AZL-65144

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65144.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-65144

Upstream

CVE-2025-48924

Published

2025-07-11T15:15:24Z

Modified

2026-04-01T05:20:29.202279Z

Summary

CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

Details

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48924

Affected packages

Azure Linux:2 / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/azure-linux/apache-commons-lang3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.1-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65144.json"