OESA-2025-2032

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2032

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-2032.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-2032

Upstream

CVE-2025-48924

Published

2025-08-15T12:40:02Z

Modified

2025-08-15T16:48:07.046041Z

Summary

apache-commons-lang security update

Details

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods.

Security Fix(es):

A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability.(CVE-2025-48924)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:24.03-LTS-SP2 / apache-commons-lang

Package

Name: apache-commons-lang
Purl: pkg:rpm/openEuler/apache-commons-lang&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6-24.oe2403sp2

Ecosystem specific

{
    "noarch": [
        "apache-commons-lang-2.6-24.oe2403sp2.noarch.rpm",
        "apache-commons-lang-help-2.6-24.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "apache-commons-lang-2.6-24.oe2403sp2.src.rpm"
    ]
}