CNNVD-202507-1649 Information

CNNVD ID

CNNVD-202507-1649

CVE-2025-48924

  • CNNVD Published: 2025-07-11

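Description (translated from Chinese)

Apache Commons Lang is a utility library from the Apache Foundation (United States). Apache Commons Lang versions 2.0 through 2.6 and versions from 3.0 up to, but not including, 3.18.0 contain a security vulnerability. It stems from unbounded recursion in the ClassUtils.getClass method, which may cause a stack overflow.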

Description (English)

Apache Commons Lang is a utility library from the Apache Foundation in the United States. A security vulnerability exists in Apache Commons Lang versions 2.0 to 2.6 and in versions 3.0 up to but not including 3.18.0. It stems from infinite recursion in the ClassUtils.getClass method, which could lead to a stack overflow.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Apache

Published

2025-07-11

Last Modified

2026-02-24

References

  • https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1
  • https://www.oracle.com/security-alerts/cpuoct2025.html
  • https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://commons.apache.org/proper/commons-lang/download_lang.cgi
