Jar Vulnerability Management - Yash-777/MyWorld GitHub Wiki
Details of the vulnerability
- Vulnerability Name: Uncontrolled Recursion
- Affected Versions:
  - commons-lang:commons-lang versions 2.0 to 2.6
  - org.apache.commons:commons-lang3 versions 3.0 to 3.17.0 (before 3.18.0)
- Root Cause: The `ClassUtils.getClass(...)` method recurses without bound when processing very long input strings.
- Impact: A `StackOverflowError` can be thrown, which typically causes the application to stop unexpectedly, since it is an `Error` type and is usually not handled by applications and libraries.
- Mitigation
  - Upgrade: The recommended solution is to upgrade your Apache Commons Lang dependency to version 3.18.0 or a later version.
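Until the upgrade lands, callers that pass untrusted strings to `ClassUtils.getClass(...)` can bound the input before it reaches the library. The wrapper below is an added example, not code from this wiki or from the Commons Lang project; the class name `BoundedClassResolver`, the 512-character limit and the class-name pattern are assumptions to adapt to your codebase.

```java
import java.util.regex.Pattern;
import org.apache.commons.lang3.ClassUtils;

/** Hypothetical guard (added example): rejects oversized or malformed names before ClassUtils.getClass(). */
public final class BoundedClassResolver {
    // Assumed limit; legitimate fully qualified class names are far shorter than this.
    private static final int MAX_NAME_LENGTH = 512;
    // Dotted Java identifiers, optional '$' nested-class separators, optional trailing "[]" array suffixes.
    private static final Pattern CLASS_NAME = Pattern.compile(
        "[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*(\\[\\])*");

    private BoundedClassResolver() {}

    /** Validates length and syntax, then delegates to the library for the actual lookup. */
    public static Class<?> resolve(String className) throws ClassNotFoundException {
        if (className == null || className.length() > MAX_NAME_LENGTH) {
            throw new IllegalArgumentException(
                "class name missing or longer than " + MAX_NAME_LENGTH + " characters");
        }
        if (!CLASS_NAME.matcher(className).matches()) {
            throw new IllegalArgumentException("class name contains unexpected characters");
        }
        return ClassUtils.getClass(className);
    }

    public static void main(String[] args) throws ClassNotFoundException {
        // Well-formed input still resolves through the library.
        System.out.println(resolve("java.util.List"));

        // Constructed oversized input: rejected by the guard, never handed to ClassUtils.
        String oversized = "a".repeat(100_000);
        try {
            resolve(oversized);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard is defense in depth only; it does not replace the 3.18.0 upgrade, which fixes the recursion inside the library itself.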