yougecn opened a new issue, #7666:
URL: https://github.com/apache/incubator-seata/issues/7666

   ### Check Ahead
   
   - [x] I have searched the [issues](https://github.com/seata/seata/issues) of this repository and believe that this is not a duplicate.
   
   - [x] I am willing to try to implement this feature myself.
   
   
   ### Why you need it?
   
   CVE-2025-48924
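   An uncontrolled recursion vulnerability exists in Apache Commons Lang. This issue affects Apache Commons Lang: commons-lang:commons-lang versions 2.0 through 2.6, and org.apache.commons:commons-lang3 from 3.0 before 3.18.0. The ClassUtils.getClass(...) method may throw a StackOverflowError when processing very long inputs. Because applications and libraries usually do not handle Error, a StackOverflowError may cause the application to stop running. Users are advised to upgrade to version 3.18.0, which fixes this issue.
   
   Affected versions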
   - Apache Commons Lang (commons-lang:commons-lang) 2.0 through 2.6
   - Apache Commons Lang (org.apache.commons:commons-lang3) 3.0 before 3.18.0
   
   Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
   
   Affected versions:
   - Apache Commons Lang (commons-lang:commons-lang) 2.0 through 2.6
   - Apache Commons Lang (org.apache.commons:commons-lang3) 3.0 before 3.18.0
   
   
   ### How it could be?
   
   upgrade commons-lang 2.6 to commons-lang3 3.18.0
   
   ### Other related information
   
   _No response_
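
To find where the affected ranges quoted in the issue above appear in a build, the following added example (not part of the issue and not Seata project code) scans the text output of `mvn dependency:tree`. It assumes Maven's default `group:artifact:type[:classifier]:version[:scope]` line format, and the sample tree is constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory text quoted in the issue:
# coordinate -> (first affected, upper bound, upper bound inclusive?)
AFFECTED = {
    "commons-lang:commons-lang": ((2, 0, 0), (2, 6, 0), True),
    "org.apache.commons:commons-lang3": ((3, 0, 0), (3, 18, 0), False),
}

# A Maven coordinate as printed by dependency:tree (4 to 6 colon-separated parts).
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")


def parse_version(text):
    """Return the leading numeric part of a version as a 3+ element tuple."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group().split("."))
    return nums + (0,) * (3 - len(nums))  # pad so 2.6 compares equal to 2.6.0


def is_affected(coordinate, version):
    """True if group:artifact at this version falls in a range from the advisory."""
    rng = AFFECTED.get(coordinate)
    v = parse_version(version)
    if rng is None or v is None:
        return False
    low, high, inclusive = rng
    return low <= v and (v <= high if inclusive else v < high)


def scan_tree(tree_text):
    """Return (coordinate, version) for every affected entry in the tree output."""
    hits = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group().split(":")
        # With a classifier there are 6 parts and the version moves one slot right.
        version = parts[4] if len(parts) == 6 else parts[3]
        coordinate = f"{parts[0]}:{parts[1]}"
        if is_affected(coordinate, version):
            hits.append((coordinate, version))
    return hits


# Constructed sample output, not taken from any real project.
SAMPLE_TREE = """\
[INFO] org.example:demo-app:jar:1.0.0
[INFO] +- commons-lang:commons-lang:jar:2.6:compile
[INFO] +- org.example:lib-a:jar:2.1:compile
[INFO] |  \\- org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO] \\- org.apache.commons:commons-text:jar:1.10.0:test
"""

if __name__ == "__main__":
    for coordinate, version in scan_tree(SAMPLE_TREE):
        print(f"affected: {coordinate} {version}")
```

Transitive entries are reported as well, so a hit may need a dependency-management override rather than a direct version bump.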

