发布时间: 2025年8月1日
修改时间: 2025年8月22日
A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 5.3 |
| Attack Complexity | Low | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | None | |
| User Interaction | None | |
| Availability | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2805 | apache-commons-lang security update | 2025年9月16日 |
| KylinSec-SA-2025-2857 | apache-commons-lang security update | 2025年8月27日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | apache-commons-lang3 | Fixed |
| V6 | apache-commons-lang3 | Fixed |
| KY3.5.3 | apache-commons-lang3 | Fixed |
| KY3.5.2 | apache-commons-lang3 | Fixed |
