OESA-2025-1929

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1929

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1929.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1929

Upstream

CVE-2025-48924

Published

2025-08-01T13:02:56Z

Modified

2025-08-12T05:51:26.862326Z

Summary

apache-commons-lang3 security update

Details

The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. Lang provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical methods, object reflection, concurrency, creation and serialization and System properties. Additionally it contains basic enhancements to java.util.Date and a series of utilities dedicated to help with building methods, such as hashCode, toString and equals. Note that Lang 3.0 (and subsequent versions) use a different package (org.apache.commons.lang3) than the previous versions (org.apache.commons.lang), allowing it to be used at the same time as an earlier version.

Security Fix(es):

A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability.(CVE-2025-48924)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/openEuler/apache-commons-lang3&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang3-3.18.0-1.oe2003sp4.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang3-3.18.0-1.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/openEuler/apache-commons-lang3&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang3-3.18.0-1.oe2203sp3.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang3-3.18.0-1.oe2203sp3.src.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/openEuler/apache-commons-lang3&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang3-3.18.0-1.oe2203sp4.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang3-3.18.0-1.oe2203sp4.src.rpm"
    ]
}

openEuler:24.03-LTS / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/openEuler/apache-commons-lang3&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.oe2403sp2

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang3-3.18.0-1.oe2403.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2403.noarch.rpm",
        "apache-commons-lang3-3.18.0-1.oe2403sp1.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2403sp1.noarch.rpm",
        "apache-commons-lang3-3.18.0-1.oe2403sp2.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang3-3.18.0-1.oe2403.src.rpm",
        "apache-commons-lang3-3.18.0-1.oe2403sp1.src.rpm",
        "apache-commons-lang3-3.18.0-1.oe2403sp2.src.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/openEuler/apache-commons-lang3&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.oe2403sp1

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang3-3.18.0-1.oe2403sp1.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang3-3.18.0-1.oe2403sp1.src.rpm"
    ]
}

openEuler:24.03-LTS-SP2 / apache-commons-lang3

Package

Name: apache-commons-lang3
Purl: pkg:rpm/openEuler/apache-commons-lang3&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.oe2403sp2

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang3-3.18.0-1.oe2403sp2.noarch.rpm",
        "apache-commons-lang3-help-3.18.0-1.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang3-3.18.0-1.oe2403sp2.src.rpm"
    ]
}