Apache Commons Lang
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Commons Lang.
By the Year
In 2026 there have been 0 vulnerabilities in Apache Commons Lang. Last year, in 2025 Commons Lang had 1 security vulnerability published. Right now, Commons Lang is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.30 |
It may take a day or so for new Commons Lang vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Commons Lang Security Vulnerabilities
StackOverflow via Uncontrolled Recursion in Apache Commons Lang < 3.18.0
CVE-2025-48924
5.3 - Medium
- July 11, 2025
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
Stack Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Commons Lang or by Apache? Click the Watch button to subscribe.
