Description
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: commons-lang:commons-lang from 2.0 to 2.6, and org.apache.commons:commons-lang3 from 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
AMQ Clients | commons-lang | Fix deferred | | |
AMQ Clients | commons-lang3 | Fix deferred | | |
Cryostat 4 | commons-lang | Fix deferred | | |
Cryostat 4 | commons-lang3 | Fix deferred | | |
Logging Subsystem for Red Hat OpenShift | commons-lang | Fix deferred | | |
Logging Subsystem for Red Hat OpenShift | commons-lang3 | Fix deferred | | |
OpenShift Developer Tools and Services | jenkins | Fix deferred | | |
OpenShift Developer Tools and Services | jenkins-2-plugins | Fix deferred | | |
OpenShift Serverless | openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel8 | Fix deferred | | |
OpenShift Serverless | openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel8 | Fix deferred | | |
Additional information
Status:
3.7 Low
CVSS3
Related vulnerabilities
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Vulnerability in the ClassUtils.getClass() function of the Apache Commons Lang library for the Java programming language, allowing an attacker to cause a denial of service