Medium severity5.3NVD Advisory· Published Jul 11, 2025· Updated Jun 17, 2026
CVE-2025-48924
CVE-2025-48924
Description
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.commons:commons-lang3Maven | >= 3.0, < 3.18.0 | 3.18.0 |
commons-lang:commons-langMaven | >= 2.0, <= 2.6 | — |
Affected products
296- osv-coords295 versionspkg:apk/chainguard/airflow-3pkg:apk/chainguard/akhqpkg:apk/chainguard/apache-activemq-artemispkg:apk/chainguard/apache-activemq-artemis-compatpkg:apk/chainguard/apache-hoppkg:apk/chainguard/apache-hop-fipspkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-registrypkg:apk/chainguard/apache-nifi-registry-toolkitpkg:apk/chainguard/apache-tika-2.9pkg:apk/chainguard/apache-tika-2.9-compatpkg:apk/chainguard/apache-tika-3.0pkg:apk/chainguard/apache-tika-3.0-compatpkg:apk/chainguard/apache-tika-3.1pkg:apk/chainguard/apache-tika-3.1-compatpkg:apk/chainguard/apache-tika-3.2pkg:apk/chainguard/apache-tika-3.2-compatpkg:apk/chainguard/apicurio-registrypkg:apk/chainguard/apicurio-registry-nginx-configpkg:apk/chainguard/apicurio-registry-uipkg:apk/chainguard/camunda-zeebe-8.3pkg:apk/chainguard/camunda-zeebe-8.3-compatpkg:apk/chainguard/camunda-zeebe-8.4pkg:apk/chainguard/camunda-zeebe-8.4-compatpkg:apk/chainguard/camunda-zeebe-8.6pkg:apk/chainguard/camunda-zeebe-8.6-compatpkg:apk/chainguard/camunda-zeebe-8.7pkg:apk/chainguard/camunda-zeebe-8.7-compatpkg:apk/chainguard/cassandra-4.0pkg:apk/chainguard/cassandra-4.0-compatpkg:apk/chainguard/cassandra-4.0-iamguarded-compatpkg:apk/chainguard/cassandra-4.1pkg:apk/chainguard/cassandra-4.1-compatpkg:apk/chainguard/cassandra-4.1-iamguarded-compatpkg:apk/chainguard/cassandra-5.0pkg:apk/chainguard/cassandra-5.0-compatpkg:apk/chainguard/cassandra-5.0-entrypoint-compatpkg:apk/chainguard/cassandra-5.0-iamguarded-compatpkg:apk/chainguard/cassandra-fips-4.0pkg:apk/chainguard/cassandra-fips-4.0-compatpkg:apk/chainguard/cassandra-fips-4.1pkg:apk/chainguard/cassandra-fips-4.1-compatpkg:apk/chainguard/cassandra-fips-5.0pkg:apk/chainguard/cassandra-fips-5.0-compatpkg:apk/chainguard/cassandra-reaperpkg:apk/chainguard/confluent-kafkapkg:apk/chainguard/confluent-kafka-jre-bcfipspkg:apk/chainguard/cqlsh-5.0pkg:apk/chainguard/cqlsh-fips-5.0pkg:apk/chainguard/debezium-connector-spanner-3.0pkg:apk/chainguard/debezium-connector-spanner-3.5pkg:apk/chainguard/dependency-trackpkg:apk/chainguard/dependency-track-bundledpkg:apk/chainguard/elasticsearch-8pkg:apk/chainguard/elasticsearch-8.17-bitnamipkg:apk/chainguard/elasticsearch-8.19pkg:apk/chainguard/elasticsearch-8.19-iamguardedpkg:apk/chainguard/elasticsearch-8-bitnamipkg:apk/chainguard/elasticsearch-8-configpkg:apk/chainguard/elasticsearch-8-iamguardedpkg:apk/chainguard/elasticsearch-9.0pkg:apk/chainguard/elasticsearch-9.0-bitnamipkg:apk/chainguard/elasticsearch-9.0-configpkg:apk/chainguard/elasticsearch-9.0-iamguardedpkg:apk/chainguard/elasticsearch-9.1-bitnamipkg:apk/chainguard/elasticsearch-9.4pkg:apk/chainguard/elasticsearch-9.4-iamguardedpkg:apk/chainguard/elasticsearch-configpkg:apk/chainguard/elasticsearch-fips-9.0pkg:apk/chainguard/elasticsearch-fips-9.0-bitnamipkg:apk/chainguard/elasticsearch-fips-9.0-configpkg:apk/chainguard/elasticsearch-fips-9.1pkg:apk/chainguard/elasticsearch-fips-9.1-bitnamipkg:apk/chainguard/elasticsearch-fips-9.1-configpkg:apk/chainguard/elasticsearch-fips-9.4pkg:apk/chainguard/flywaypkg:apk/chainguard/ghidrapkg:apk/chainguard/gradle-9pkg:apk/chainguard/hadoop-client-modulespkg:apk/chainguard/infinispan-15.1pkg:apk/chainguard/infinispan-15.2pkg:apk/chainguard/jenkins-plugin-managerpkg:apk/chainguard/jenkins-plugin-manager-compatpkg:apk/chainguard/kafka-3.7pkg:apk/chainguard/kafka-3.8pkg:apk/chainguard/kafka-3.9pkg:apk/chainguard/kafka-4.0pkg:apk/chainguard/kafka-bitnami-compat-3.7pkg:apk/chainguard/kafka-bitnami-compat-3.8pkg:apk/chainguard/kafka-bitnami-compat-3.9pkg:apk/chainguard/kafka-bitnami-compat-4.0pkg:apk/chainguard/kafka-iamguarded-compat-4.0pkg:apk/chainguard/keycloak-26.3pkg:apk/chainguard/keycloak-config-clipkg:apk/chainguard/keycloak-config-cli-bitnami-compatpkg:apk/chainguard/keycloak-config-cli-compatpkg:apk/chainguard/keycloak-config-cli-iamguarded-compatpkg:apk/chainguard/kserve-modelmeshpkg:apk/chainguard/kserve-modelmesh-compatpkg:apk/chainguard/leiningenpkg:apk/chainguard/liquibasepkg:apk/chainguard/localstackpkg:apk/chainguard/logstash-9.2pkg:apk/chainguard/logstash-9.2-iamguarded-compatpkg:apk/chainguard/logstash-9.2-with-output-opensearchpkg:apk/chainguard/logstash-9.3pkg:apk/chainguard/logstash-9.3-iamguarded-compatpkg:apk/chainguard/logstash-9.3-with-output-opensearchpkg:apk/chainguard/management-api-for-apache-cassandra-4.0pkg:apk/chainguard/management-api-for-apache-cassandra-4.1pkg:apk/chainguard/management-api-for-apache-cassandra-5.0pkg:apk/chainguard/maven-stage0pkg:apk/chainguard/neo4j-2025.01pkg:apk/chainguard/neo4j-2025.01-docker-publishpkg:apk/chainguard/neo4j-2025.02pkg:apk/chainguard/neo4j-2025.02-docker-publishpkg:apk/chainguard/neo4j-2025.03pkg:apk/chainguard/neo4j-2025.03-docker-publishpkg:apk/chainguard/neo4j-2025.04pkg:apk/chainguard/neo4j-2025.04-docker-publishpkg:apk/chainguard/neo4j-2025.05pkg:apk/chainguard/neo4j-2025.05-docker-publishpkg:apk/chainguard/neo4j-2025.06pkg:apk/chainguard/neo4j-2025.06-browserpkg:apk/chainguard/neo4j-2025.06-docker-publishpkg:apk/chainguard/neo4j-4.4pkg:apk/chainguard/neo4j-4.4-docker-publishpkg:apk/chainguard/neo4j-5.26pkg:apk/chainguard/neo4j-5.26-docker-publishpkg:apk/chainguard/neo4j-5.26-oci-entrypointpkg:apk/chainguard/nextflowpkg:apk/chainguard/nrjmxpkg:apk/chainguard/opensearch-2-geospatialpkg:apk/chainguard/opensearch-2-identity-shiropkg:apk/chainguard/opensearch-2-ingest-attachmentpkg:apk/chainguard/opensearch-2-k-nnpkg:apk/chainguard/opensearch-2-neural-searchpkg:apk/chainguard/opensearch-2-performance-analyzerpkg:apk/chainguard/opensearch-2-repository-azurepkg:apk/chainguard/opensearch-2-securitypkg:apk/chainguard/opensearch-2-security-analyticspkg:apk/chainguard/opensearch-2-sqlpkg:apk/chainguard/py3.12-vllm-cuda-12.4pkg:apk/chainguard/solrpkg:apk/chainguard/solr-oci-compatpkg:apk/chainguard/sonar-scanner-clipkg:apk/chainguard/sonar-scanner-cli-compatpkg:apk/chainguard/spark-fips-3.5-scala-2.12pkg:apk/chainguard/spark-fips-3.5-scala-2.13pkg:apk/chainguard/spdx-tools-javapkg:apk/chainguard/spring-bootpkg:apk/chainguard/thingsboardpkg:apk/chainguard/thingsboard-tb-js-executorpkg:apk/chainguard/thingsboard-tb-mqtt-transportpkg:apk/chainguard/thingsboard-tb-nodepkg:apk/chainguard/thingsboard-tb-web-uipkg:apk/chainguard/tritonserver-backend-vllm-24.04pkg:apk/chainguard/tritonserver-backend-vllm-cuda-12.9pkg:apk/chainguard/wildflypkg:apk/chainguard/wildfly-openjdk-17pkg:apk/chainguard/wildfly-openjdk-17-compatpkg:apk/chainguard/wildfly-openjdk-21pkg:apk/chainguard/wildfly-openjdk-21-compatpkg:apk/chainguard/zaproxypkg:apk/chainguard/zipkinpkg:apk/chainguard/zipkin-oci-entrypointpkg:apk/chainguard/zipkin-slimpkg:apk/wolfi/airflow-3pkg:apk/wolfi/akhqpkg:apk/wolfi/apache-activemq-artemispkg:apk/wolfi/apache-activemq-artemis-compatpkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-registrypkg:apk/wolfi/apache-nifi-registry-toolkitpkg:apk/wolfi/apache-tika-3.0pkg:apk/wolfi/apache-tika-3.0-compatpkg:apk/wolfi/apache-tika-3.1pkg:apk/wolfi/apache-tika-3.1-compatpkg:apk/wolfi/apache-tika-3.2pkg:apk/wolfi/apache-tika-3.2-compatpkg:apk/wolfi/apicurio-registrypkg:apk/wolfi/apicurio-registry-nginx-configpkg:apk/wolfi/apicurio-registry-uipkg:apk/wolfi/cassandra-4.1pkg:apk/wolfi/cassandra-4.1-compatpkg:apk/wolfi/cassandra-5.0pkg:apk/wolfi/cassandra-5.0-compatpkg:apk/wolfi/cassandra-5.0-entrypoint-compatpkg:apk/wolfi/cassandra-5.0-iamguarded-compatpkg:apk/wolfi/cassandra-reaperpkg:apk/wolfi/confluent-kafkapkg:apk/wolfi/cqlsh-5.0pkg:apk/wolfi/debezium-connector-spanner-3.0pkg:apk/wolfi/debezium-connector-spanner-3.5pkg:apk/wolfi/dependency-trackpkg:apk/wolfi/dependency-track-bundledpkg:apk/wolfi/flywaypkg:apk/wolfi/gradle-9pkg:apk/wolfi/infinispan-15.2pkg:apk/wolfi/jenkins-plugin-managerpkg:apk/wolfi/jenkins-plugin-manager-compatpkg:apk/wolfi/kafka-3.8pkg:apk/wolfi/kafka-3.9pkg:apk/wolfi/kafka-4.0pkg:apk/wolfi/kafka-bitnami-compat-3.8pkg:apk/wolfi/kafka-bitnami-compat-3.9pkg:apk/wolfi/kafka-bitnami-compat-4.0pkg:apk/wolfi/kafka-iamguarded-compat-4.0pkg:apk/wolfi/keycloak-26.3pkg:apk/wolfi/keycloak-config-clipkg:apk/wolfi/keycloak-config-cli-bitnami-compatpkg:apk/wolfi/keycloak-config-cli-compatpkg:apk/wolfi/keycloak-config-cli-iamguarded-compatpkg:apk/wolfi/kserve-modelmeshpkg:apk/wolfi/kserve-modelmesh-compatpkg:apk/wolfi/liquibasepkg:apk/wolfi/logstash-9.2pkg:apk/wolfi/logstash-9.2-iamguarded-compatpkg:apk/wolfi/logstash-9.2-with-output-opensearchpkg:apk/wolfi/logstash-9.3pkg:apk/wolfi/logstash-9.3-iamguarded-compatpkg:apk/wolfi/logstash-9.3-with-output-opensearchpkg:apk/wolfi/management-api-for-apache-cassandra-4.1pkg:apk/wolfi/management-api-for-apache-cassandra-5.0pkg:apk/wolfi/maven-stage0pkg:apk/wolfi/neo4j-2025.01pkg:apk/wolfi/neo4j-2025.01-docker-publishpkg:apk/wolfi/neo4j-2025.02pkg:apk/wolfi/neo4j-2025.02-docker-publishpkg:apk/wolfi/neo4j-2025.03pkg:apk/wolfi/neo4j-2025.03-docker-publishpkg:apk/wolfi/neo4j-2025.04pkg:apk/wolfi/neo4j-2025.04-docker-publishpkg:apk/wolfi/neo4j-2025.05pkg:apk/wolfi/neo4j-2025.05-docker-publishpkg:apk/wolfi/neo4j-2025.06pkg:apk/wolfi/neo4j-2025.06-browserpkg:apk/wolfi/neo4j-2025.06-docker-publishpkg:apk/wolfi/neo4j-5.26pkg:apk/wolfi/neo4j-5.26-docker-publishpkg:apk/wolfi/neo4j-5.26-oci-entrypointpkg:apk/wolfi/nextflowpkg:apk/wolfi/nrjmxpkg:apk/wolfi/opensearch-2-geospatialpkg:apk/wolfi/opensearch-2-identity-shiropkg:apk/wolfi/opensearch-2-ingest-attachmentpkg:apk/wolfi/opensearch-2-k-nnpkg:apk/wolfi/opensearch-2-neural-searchpkg:apk/wolfi/opensearch-2-performance-analyzerpkg:apk/wolfi/opensearch-2-repository-azurepkg:apk/wolfi/opensearch-2-securitypkg:apk/wolfi/opensearch-2-security-analyticspkg:apk/wolfi/opensearch-2-sqlpkg:apk/wolfi/solrpkg:apk/wolfi/solr-oci-compatpkg:apk/wolfi/sonar-scanner-clipkg:apk/wolfi/sonar-scanner-cli-compatpkg:apk/wolfi/spdx-tools-javapkg:apk/wolfi/thingsboardpkg:apk/wolfi/thingsboard-tb-js-executorpkg:apk/wolfi/thingsboard-tb-mqtt-transportpkg:apk/wolfi/thingsboard-tb-nodepkg:apk/wolfi/thingsboard-tb-web-uipkg:apk/wolfi/wildflypkg:apk/wolfi/wildfly-openjdk-17pkg:apk/wolfi/wildfly-openjdk-17-compatpkg:apk/wolfi/wildfly-openjdk-21pkg:apk/wolfi/wildfly-openjdk-21-compatpkg:apk/wolfi/zipkinpkg:apk/wolfi/zipkin-oci-entrypointpkg:apk/wolfi/zipkin-slimpkg:maven/commons-lang/commons-langpkg:maven/org.apache.commons/commons-lang3pkg:rpm/opensuse/apache-commons-configuration2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/apache-commons-lang3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache-commons-lang3&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/apache-commons-lang&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/apache-commons-cli&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/apache-commons-cli&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/apache-commons-codec&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/apache-commons-codec&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/apache-commons-configuration2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/apache-commons-lang3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/apache-commons-lang3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/apache-commons-lang3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/apache-commons-lang3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/apache-commons-lang3&distro=SUSE%20Manager%20Server%20Module%204.3pkg:rpm/suse/apache-commons-lang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/apache-commons-lang&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/apache-commons-lang&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/apache-commons-text&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/apache-commons-text&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.2.0-r0+ 294 more
- (no CPE)range: < 3.2.0-r0
- (no CPE)range: < 0.26.0-r0
- (no CPE)range: < 2.42.0-r1
- (no CPE)range: < 2.42.0-r1
- (no CPE)range: < 2.17.0-r7
- (no CPE)range: < 2.17.0-r7
- (no CPE)range: < 2.7.1-r0
- (no CPE)range: < 2.4.0-r4
- (no CPE)range: < 2.4.0-r4
- (no CPE)range: < 2.9.4-r1
- (no CPE)range: < 2.9.4-r1
- (no CPE)range: < 3.0.0-r14
- (no CPE)range: < 3.0.0-r14
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.2.1-r1
- (no CPE)range: < 3.2.1-r1
- (no CPE)range: < 3.0.9-r5
- (no CPE)range: < 3.0.9-r5
- (no CPE)range: < 3.0.9-r5
- (no CPE)range: < 8.3.22-r2
- (no CPE)range: < 8.3.22-r2
- (no CPE)range: < 8.4.21-r1
- (no CPE)range: < 8.4.21-r1
- (no CPE)range: < 8.6.21-r1
- (no CPE)range: < 8.6.21-r1
- (no CPE)range: < 8.7.7-r1
- (no CPE)range: < 8.7.7-r1
- (no CPE)range: < 4.0.18-r2
- (no CPE)range: < 4.0.18-r2
- (no CPE)range: < 4.0.18-r2
- (no CPE)range: < 4.1.9-r2
- (no CPE)range: < 4.1.9-r2
- (no CPE)range: < 4.1.9-r2
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 4.0.15-r3
- (no CPE)range: < 4.0.15-r3
- (no CPE)range: < 4.1.7-r3
- (no CPE)range: < 4.1.7-r3
- (no CPE)range: < 5.0.3-r6
- (no CPE)range: < 5.0.3-r6
- (no CPE)range: < 3.8.0-r7
- (no CPE)range: < 8.2.0.25-r0
- (no CPE)range: < 8.2.0.41-r0
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.3-r6
- (no CPE)range: < 3.0.8-r7
- (no CPE)range: < 3.5.1-r1
- (no CPE)range: < 4.13.2-r2
- (no CPE)range: < 4.13.2-r2
- (no CPE)range: < 8.19.2-r3
- (no CPE)range: < 8.17.10-r12
- (no CPE)range: < 8.19.16-r1
- (no CPE)range: < 8.19.16-r1
- (no CPE)range: < 8.19.2-r3
- (no CPE)range: < 8.19.2-r3
- (no CPE)range: < 8.19.2-r3
- (no CPE)range: < 9.0.7-r1
- (no CPE)range: < 9.0.7-r1
- (no CPE)range: < 9.0.7-r1
- (no CPE)range: < 9.0.7-r1
- (no CPE)range: < 9.1.3-r0
- (no CPE)range: < 9.4.1-r1
- (no CPE)range: < 9.4.1-r1
- (no CPE)range: < 8.19.2-r3
- (no CPE)range: < 9.0.8-r0
- (no CPE)range: < 9.0.8-r0
- (no CPE)range: < 9.0.8-r0
- (no CPE)range: < 9.1.3-r0
- (no CPE)range: < 9.1.3-r0
- (no CPE)range: < 9.1.3-r0
- (no CPE)range: < 9.4.1-r1
- (no CPE)range: < 11.16.0-r0
- (no CPE)range: < 11.4-r1
- (no CPE)range: < 9.0.0-r1
- (no CPE)range: < 3.3.6-r5
- (no CPE)range: < 15.1.7-r22
- (no CPE)range: < 15.2.6-r21
- (no CPE)range: < 2.13.2-r1
- (no CPE)range: < 2.13.2-r1
- (no CPE)range: < 3.7.2-r43
- (no CPE)range: < 3.8.1-r43
- (no CPE)range: < 3.9.1-r2
- (no CPE)range: < 4.0.0-r44
- (no CPE)range: < 3.7.2-r43
- (no CPE)range: < 3.8.1-r43
- (no CPE)range: < 3.9.1-r2
- (no CPE)range: < 4.0.0-r44
- (no CPE)range: < 4.0.0-r44
- (no CPE)range: < 26.3.5-r3
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 0.12.0-r13
- (no CPE)range: < 0.12.0-r13
- (no CPE)range: < 2.12.0-r1
- (no CPE)range: < 4.33.0-r1
- (no CPE)range: < 4.14.0-r11
- (no CPE)range: < 9.2.6-r3
- (no CPE)range: < 9.2.6-r3
- (no CPE)range: < 9.2.6-r3
- (no CPE)range: < 9.3.1-r4
- (no CPE)range: < 9.3.1-r4
- (no CPE)range: < 9.3.1-r4
- (no CPE)range: < 0.1.109-r1
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 3.9.12-r0
- (no CPE)range: < 2025.01.0-r4
- (no CPE)range: < 2025.01.0-r4
- (no CPE)range: < 2025.02.0-r4
- (no CPE)range: < 2025.02.0-r4
- (no CPE)range: < 2025.03.0-r4
- (no CPE)range: < 2025.03.0-r4
- (no CPE)range: < 2025.04.0-r2
- (no CPE)range: < 2025.04.0-r2
- (no CPE)range: < 2025.05.1-r1
- (no CPE)range: < 2025.05.1-r1
- (no CPE)range: < 2025.06.2-r1
- (no CPE)range: < 2025.06.2-r1
- (no CPE)range: < 2025.06.2-r1
- (no CPE)range: < 4.4.44-r2
- (no CPE)range: < 4.4.44-r2
- (no CPE)range: < 5.26.9-r1
- (no CPE)range: < 5.26.9-r1
- (no CPE)range: < 5.26.9-r1
- (no CPE)range: < 26.04.0-r0
- (no CPE)range: < 2.7.0-r3
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 0.11.0-r3
- (no CPE)range: < 9.8.1-r2
- (no CPE)range: < 9.8.1-r2
- (no CPE)range: < 7.1.0.4889-r2
- (no CPE)range: < 7.1.0.4889-r2
- (no CPE)range: < 3.5.8-r0
- (no CPE)range: < 3.5.8-r0
- (no CPE)range: < 2.0.1-r5
- (no CPE)range: < 3.5.5-r0
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 24.04-r17
- (no CPE)range: < 25.9.0_git20251029-r1
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 2.17.0-r2
- (no CPE)range: < 3.5.1-r8
- (no CPE)range: < 3.5.1-r8
- (no CPE)range: < 3.5.1-r8
- (no CPE)range: < 3.2.0-r0
- (no CPE)range: < 0.26.0-r0
- (no CPE)range: < 2.42.0-r1
- (no CPE)range: < 2.42.0-r1
- (no CPE)range: < 2.7.1-r0
- (no CPE)range: < 2.4.0-r4
- (no CPE)range: < 2.4.0-r4
- (no CPE)range: < 3.0.0-r14
- (no CPE)range: < 3.0.0-r14
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.2.1-r1
- (no CPE)range: < 3.2.1-r1
- (no CPE)range: < 3.0.9-r5
- (no CPE)range: < 3.0.9-r5
- (no CPE)range: < 3.0.9-r5
- (no CPE)range: < 4.1.9-r2
- (no CPE)range: < 4.1.9-r2
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 3.8.0-r7
- (no CPE)range: < 8.2.0.25-r0
- (no CPE)range: < 5.0.4-r1
- (no CPE)range: < 3.0.8-r7
- (no CPE)range: < 3.5.1-r1
- (no CPE)range: < 4.13.2-r2
- (no CPE)range: < 4.13.2-r2
- (no CPE)range: < 11.16.0-r0
- (no CPE)range: < 9.0.0-r1
- (no CPE)range: < 15.2.6-r21
- (no CPE)range: < 2.13.2-r1
- (no CPE)range: < 2.13.2-r1
- (no CPE)range: < 3.8.1-r43
- (no CPE)range: < 3.9.1-r2
- (no CPE)range: < 4.0.0-r44
- (no CPE)range: < 3.8.1-r43
- (no CPE)range: < 3.9.1-r2
- (no CPE)range: < 4.0.0-r44
- (no CPE)range: < 4.0.0-r44
- (no CPE)range: < 26.3.5-r3
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 6.4.0-r45
- (no CPE)range: < 0.12.0-r13
- (no CPE)range: < 0.12.0-r13
- (no CPE)range: < 4.33.0-r1
- (no CPE)range: < 9.2.6-r3
- (no CPE)range: < 9.2.6-r3
- (no CPE)range: < 9.2.6-r3
- (no CPE)range: < 9.3.1-r4
- (no CPE)range: < 9.3.1-r4
- (no CPE)range: < 9.3.1-r4
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 3.9.12-r0
- (no CPE)range: < 2025.01.0-r4
- (no CPE)range: < 2025.01.0-r4
- (no CPE)range: < 2025.02.0-r4
- (no CPE)range: < 2025.02.0-r4
- (no CPE)range: < 2025.03.0-r4
- (no CPE)range: < 2025.03.0-r4
- (no CPE)range: < 2025.04.0-r2
- (no CPE)range: < 2025.04.0-r2
- (no CPE)range: < 2025.05.1-r1
- (no CPE)range: < 2025.05.1-r1
- (no CPE)range: < 2025.06.2-r1
- (no CPE)range: < 2025.06.2-r1
- (no CPE)range: < 2025.06.2-r1
- (no CPE)range: < 5.26.9-r1
- (no CPE)range: < 5.26.9-r1
- (no CPE)range: < 5.26.9-r1
- (no CPE)range: < 26.04.0-r0
- (no CPE)range: < 2.7.0-r3
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 2.19.4-r0
- (no CPE)range: < 9.8.1-r2
- (no CPE)range: < 9.8.1-r2
- (no CPE)range: < 7.1.0.4889-r2
- (no CPE)range: < 7.1.0.4889-r2
- (no CPE)range: < 2.0.1-r5
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 4.1-r1
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 36.0.1-r6
- (no CPE)range: < 3.5.1-r8
- (no CPE)range: < 3.5.1-r8
- (no CPE)range: < 3.5.1-r8
- (no CPE)range: >= 2.0, <= 2.6
- (no CPE)range: >= 3.0, < 3.18.0
- (no CPE)range: < 2.15.0-1.1
- (no CPE)range: < 3.18.0-150200.3.12.1
- (no CPE)range: < 3.18.0-1.1
- (no CPE)range: < 2.6-150200.14.3.1
- (no CPE)range: < 1.11.0-160000.1.1
- (no CPE)range: < 1.11.0-160000.1.1
- (no CPE)range: < 1.22.0-160000.1.1
- (no CPE)range: < 1.22.0-160000.1.1
- (no CPE)range: < 2.15.0-160000.1.1
- (no CPE)range: < 2.15.0-160000.1.1
- (no CPE)range: < 2.22.0-160000.1.1
- (no CPE)range: < 2.22.0-160000.1.1
- (no CPE)range: < 3.18.0-150200.3.12.1
- (no CPE)range: < 3.18.0-150200.3.12.1
- (no CPE)range: < 3.20.0-160000.1.1
- (no CPE)range: < 3.20.0-160000.1.1
- (no CPE)range: < 3.18.0-150200.3.12.1
- (no CPE)range: < 2.6-150200.14.3.1
- (no CPE)range: < 2.6-150200.14.3.1
- (no CPE)range: < 2.6-5.3.1
- (no CPE)range: < 1.15.0-160000.1.1
- (no CPE)range: < 1.15.0-160000.1.1
- Range: 3.0
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-j288-q9x7-2f5vghsaADVISORY
- lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1nvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-48924ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/07/11/1nvdWEB
- github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53ghsaWEB
- lists.debian.org/debian-lts-announce/2025/08/msg00000.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2025/08/msg00026.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2025/09/msg00032.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2025/09/msg00036.htmlnvdWEB
News mentions
0No linked articles in our index yet.