0--commons-lang-2.6.jar00-/usr/local/tomcat/webapps/govwayAPIMonitor.war/WEB-INF/lib/commons-lang-2.6.jarFALLBACK-f48ad3a611CVE-2025-48924: LanguageSpecificPackageVulnerability commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang For additional help see: **Vulnerability CVE-2025-48924** | Severity | Package | Fixed Version | Link | | --- | --- | --- | --- | |MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)| Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue. Package: commons-lang:commons-lang Installed Version: 2.6 Vulnerability CVE-2025-48924 Severity: MEDIUM Fixed Version: Link: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)trivyTrivy Security Scanner-1377NORMALcommons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang For additional help see: **Vulnerability CVE-2025-48924** | Severity | Package | Fixed Version | Link | | --- | --- | --- | --- | |MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)| Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue. Package: commons-lang:commons-lang Installed Version: 2.6 Vulnerability CVE-2025-48924 Severity: MEDIUM Fixed Version: Link: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)CVE-2025-489240--jasperreports-6.20.0.jar00-/usr/local/tomcat/webapps/govwayAPIMonitor.war/WEB-INF/lib/jasperreports-6.20.0.jarFALLBACK-b0f3610311CVE-2025-10492: LanguageSpecificPackageVulnerability JasperReports has a Java deserialisation vulnerability For additional help see: **Vulnerability CVE-2025-10492** | Severity | Package | Fixed Version | Link | | --- | --- | --- | --- | |HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)| A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library Package: net.sf.jasperreports:jasperreports Installed Version: 6.20.0 Vulnerability CVE-2025-10492 Severity: HIGH Fixed Version: Link: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)trivyTrivy Security Scanner-1377HIGHjasperreports-6.20.0.jar(1,0): CVE-2025-10492: : CVE-2025-10492: LanguageSpecificPackageVulnerability JasperReports has a Java deserialisation vulnerability For additional help see: **Vulnerability CVE-2025-10492** | Severity | Package | Fixed Version | Link | | --- | --- | --- | --- | |HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)| A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library Package: net.sf.jasperreports:jasperreports Installed Version: 6.20.0 Vulnerability CVE-2025-10492 Severity: HIGH Fixed Version: Link: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)CVE-2025-1049222 warnings (high: 1, normal: 1)