An update for apache-commons-lang is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2030 Final 1.0 1.0 2025-08-15 Initial 2025-08-15 2025-08-15 openEuler SA Tool V1.0 2025-08-15 apache-commons-lang security update An update for apache-commons-lang is now available for openEuler-24.03-LTS The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fix(es): A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability.(CVE-2025-48924) An update for apache-commons-lang is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium apache-commons-lang https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2030 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48924 https://nvd.nist.gov/vuln/detail/CVE-2025-48924 openEuler-24.03-LTS apache-commons-lang-2.6-24.oe2403.noarch.rpm apache-commons-lang-help-2.6-24.oe2403.noarch.rpm apache-commons-lang-2.6-24.oe2403.src.rpm A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 3.18.0 eliminates this vulnerability. 2025-08-15 CVE-2025-48924 openEuler-24.03-LTS Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L apache-commons-lang security update 2025-08-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2030