yougecn opened a new pull request, #7667: URL: https://github.com/apache/incubator-seata/pull/7667
https://github.com/advisories/GHSA-j288-q9x7-2f5v

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Affected versions:
Apache Commons Lang (commons-lang:commons-lang) 2.0 through 2.6
Apache Commons Lang (org.apache.commons:commons-lang3) 3.0 before 3.18.0

How it could be?
upgrade commons-lang 2.6 to commons-lang3 3.18.0

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
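Added example, not part of the pull request or of the Seata project's code: a check that flags dependencies falling inside the affected ranges quoted above, run over constructed lines in the style of `mvn dependency:list` output. The function names and the sample lines are assumptions made for illustration.

```python
import re

# Affected ranges from the advisory text above, as
# (groupId, artifactId) -> (lowest affected, upper bound, upper bound inclusive).
AFFECTED = {
    ("commons-lang", "commons-lang"): ((2, 0, 0), (2, 6, 0), True),
    ("org.apache.commons", "commons-lang3"): ((3, 0, 0), (3, 18, 0), False),
}

def parse_version(text):
    """'3.12.0' -> (3, 12, 0); '2.6' -> (2, 6, 0); None if not numeric."""
    match = re.match(r"\d+(?:\.\d+)*", text)  # qualifiers like -SNAPSHOT are ignored
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so 2.6 compares equal to 2.6.0

def affected_dependencies(lines):
    """Return 'group:artifact:version' for each dependency in an affected range."""
    findings = []
    for line in lines:
        tokens = line.replace("[INFO]", "", 1).split()
        coords = tokens[0].split(":") if tokens else []
        # group:artifact:type:version:scope, optionally with a classifier
        # between type and version.
        if len(coords) not in (5, 6):
            continue
        group, artifact, version = coords[0], coords[1], coords[-2]
        rule = AFFECTED.get((group, artifact))
        parsed = parse_version(version)
        if rule is None or parsed is None:
            continue
        low, high, inclusive = rule
        if low <= parsed and (parsed <= high if inclusive else parsed < high):
            findings.append(f"{group}:{artifact}:{version}")
    return findings

# Constructed sample input, not taken from a real Seata build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    commons-lang:commons-lang:jar:2.6:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.18.0:compile
[INFO]    commons-io:commons-io:jar:2.11.0:compile
[INFO]    org.apache.commons:commons-lang3:jar:sources:3.17.0:test
""".splitlines()

if __name__ == "__main__":
    for hit in affected_dependencies(SAMPLE):
        print("affected:", hit)
```

Transitive copies of commons-lang 2.x can remain on the classpath after the direct dependency is replaced, so the check is most useful on the fully resolved dependency list.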
