OESA-2025-1972

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1972

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1972.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1972

Upstream

CVE-2025-48924

Published

2025-08-08T11:16:25Z

Modified

2025-08-13T09:18:46.922159Z

Summary

apache-commons-lang security update

Details

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods.

Security Fix(es):

A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability.(CVE-2025-48924)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP4 / apache-commons-lang

Package

Name: apache-commons-lang
Purl: pkg:rpm/openEuler/apache-commons-lang&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6-24.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang-2.6-24.oe2203sp4.noarch.rpm",
        "apache-commons-lang-help-2.6-24.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang-2.6-24.oe2203sp4.src.rpm"
    ]
}