Apache Commons Lang Uncontrolled Recursion Vulnerability in ClassUtils.getClass() Method

Vulnerability

A vulnerability allowing uncontrolled recursion has been identified in Apache Commons Lang. This issue affects versions 2.0 through 2.6 of commons-lang:commons-lang, as well as org.apache.commons:commons-lang3 versions 3.0 prior to 3.18.0. The vulnerability arises because the ClassUtils.getClass() method can throw a StackOverflowError when processing very long inputs. Since Errors, unlike Exceptions, are typically not caught by applications or libraries, this StackOverflowError can propagate out of the method and crash the application.

Impact

Exploitation of this vulnerability can cause a StackOverflowError, a Java Error that application code generally does not handle, so it can terminate the application abruptly (a denial of service).

Remediation

Users are advised to upgrade to Apache Commons Lang version 3.18.0 or later, which addresses this vulnerability.
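To locate affected coordinates in a Maven build before upgrading, the following added script (not part of this advisory) applies the version ranges stated above to lines in the form printed by `mvn dependency:tree`. It assumes the `groupId:artifactId:packaging[:classifier]:version[:scope]` line format and treats "2.0 through 2.6" as the range [2.0, 2.7); the sample tree is constructed.

```python
import re

# Ranges from the advisory as [lower, upper): 2.0..2.6 -> [2.0, 2.7); lang3 -> [3.0, 3.18.0).
AFFECTED = {
    ("commons-lang", "commons-lang"): ((2, 0), (2, 7)),
    ("org.apache.commons", "commons-lang3"): ((3, 0), (3, 18, 0)),
}

# groupId:artifactId:packaging[:classifier]:version[:scope] as printed by
# `mvn dependency:tree` (assumed format; the version must start with a digit).
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+(?::[\w\-]+)?:(\d[\w.\-]*)")

def parse_version(version):
    """'3.17.0' -> (3, 17, 0); stop at the first non-numeric piece ('-SNAPSHOT')."""
    parts = []
    for piece in re.split(r"[.\-]", version):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def is_affected(group, artifact, version):
    """True when the coordinate falls inside an affected range."""
    rng = AFFECTED.get((group, artifact))
    if rng is None:
        return False
    lo, hi = rng
    v = parse_version(version)
    # Pad with zeros so '3.18' compares equal to '3.18.0', not below it.
    width = max(len(v), len(lo), len(hi))
    v, lo, hi = [t + (0,) * (width - len(t)) for t in (v, lo, hi)]
    return lo <= v < hi

def scan_dependency_tree(text):
    """Return (group, artifact, version) for every affected coordinate found."""
    hits = []
    for line in text.splitlines():
        m = COORD.search(line)
        if m and is_affected(*m.groups()):
            hits.append(m.groups())
    return hits

# Constructed sample of dependency:tree output, not taken from a real project.
SAMPLE_TREE = """\
[INFO] +- org.apache.commons:commons-lang3:jar:3.17.0:compile
[INFO] +- commons-lang:commons-lang:jar:2.6:compile
[INFO] +- org.apache.commons:commons-lang3:jar:tests:3.12.0:test
[INFO] \\- org.apache.commons:commons-text:jar:1.12.0:compile
"""
```

Feed the real tree via `mvn dependency:tree | python3 -c 'import sys; from scan import scan_dependency_tree; print(scan_dependency_tree(sys.stdin.read()))'` (assuming the block is saved as `scan.py`); every hit should be upgraded to 3.18.0 or later.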

Added: Jul 11, 2025, 3:55 PM
Updated: Jul 11, 2025, 3:55 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.