ELA-1530-1 libcommons-lang3-java security update

uncontrolled recursion vulnerability

2025-10-01
Package: libcommons-lang3-java
Version: 3.5-1+deb9u1 (stretch), 3.8-2+deb10u1 (buster)
Related CVEs: CVE-2025-48924


A vulnerability was discovered in Apache Commons Lang utility classes, a Java API for classes that are in java.lang’s hierarchy.

CVE-2025-48924

An uncontrolled recursion vulnerability was discovered in Apache Commons
Lang. The method ClassUtils.getClass() can throw a StackOverflowError
on very long inputs.
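
For callers that pass untrusted class names to ClassUtils.getClass(), the following added example (not code from Debian or from Apache Commons Lang) shows a guard that bounds the input and contains the error. The class SafeClassLookup, the method lookup() and the 512-character limit are assumptions made for illustration.

```java
import org.apache.commons.lang3.ClassUtils;

import java.util.Arrays;
import java.util.Optional;

/** Hypothetical helper, not part of Commons Lang: bounds untrusted class names before lookup. */
public final class SafeClassLookup {

    // Assumed application limit; set it to the longest class name you legitimately expect.
    static final int MAX_NAME_LENGTH = 512;

    private SafeClassLookup() {}

    public static Optional<Class<?>> lookup(String untrustedName) {
        if (untrustedName == null || untrustedName.isEmpty()
                || untrustedName.length() > MAX_NAME_LENGTH) {
            // Reject before the library starts resolving the name.
            return Optional.empty();
        }
        try {
            // initialize=false: do not run static initializers of a class named by untrusted input.
            return Optional.of(ClassUtils.getClass(untrustedName, false));
        } catch (ClassNotFoundException e) {
            return Optional.empty();
        } catch (StackOverflowError e) {
            // StackOverflowError is an Error, so a catch (Exception e) handler
            // never sees it and the calling thread would otherwise die.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary name, one over the assumed limit.
        char[] filler = new char[MAX_NAME_LENGTH + 1];
        Arrays.fill(filler, 'x');
        System.out.println(lookup("java.lang.String").isPresent());
        System.out.println(lookup(new String(filler)).isPresent());
    }
}
```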


For Debian 10 buster, this problem has been fixed in version 3.8-2+deb10u1.

For Debian 9 stretch, this problem has been fixed in version 3.5-1+deb9u1.

We recommend that you upgrade your libcommons-lang3-java packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.