🔐 CVE-2025-48924: org.apache.commons:commons-lang3:jar:3.17.0:compile

## Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting withÂ commons-lang:commons-langÂ 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 beforeÂ 3.18.0.

The methods ClassUtils.getClass(...) can throwÂ StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a 
StackOverflowError couldÂ cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-48924 for details

CVE: CVE-2025-48924
CWE: CWE-674

## References
- https://ossindex.sonatype.org/vulnerability/CVE-2025-48924?component-type=maven&component-name=org.apache.commons%2Fcommons-lang3&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-48924
- https://github.com/advisories/GHSA-j288-q9x7-2f5v

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

🔐 CVE-2025-48924: org.apache.commons:commons-lang3:jar:3.17.0:compile #56

Summary

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

🔐 CVE-2025-48924: org.apache.commons:commons-lang3:jar:3.17.0:compile #56

Description

Summary

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions