View all vulnerabilities

CVE-2025-48924

Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang.This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
6.4
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Versions
org.apache.commons:commons-lang3 >= 3.0 < 3.18.0; commons-lang:commons-lang >= 2.0
Severity
Medium
Ecosystem
Publish Date
July 11, 2025
Modified Date
July 11, 2025