[Backport 2.19-dev] CVE-2025-48924: upgrade commons-lang3 to 3.18.0 (#3895) by LantaoJin · Pull Request #3903 · opensearch-project/sql

Security Report

1 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2025-48924 Path to dependency file: /ppl/build.gradle Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/commons-lang/commons-lang/2.4/16313e02a793435009f1e458fa4af5d879f6fb11/commons-lang-2.4.jar Dependency Hierarchy: -> calcite-testkit-1.38.0.jar (Root Library) -> calcite-core-1.38.0.jar -> aggdesigner-algorithm-6.0.jar -> ❌ commons-lang-2.4.jar (Vulnerable Library)	Medium	5.3	commons-lang-2.4.jar	Upgrade to version: org.apache.commons:commons-lang3:3.18.0	None

Base branch total remaining vulnerabilities: 0
Base branch commit: 0a07684a3dae7be069b628ae666efaf667295f48

Total libraries scanned: 256

Scan token: 742f3d8c227243f6b28f95afb3212e61

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Backport 2.19-dev] CVE-2025-48924: upgrade commons-lang3 to 3.18.0 (#3895)#3903

[Backport 2.19-dev] CVE-2025-48924: upgrade commons-lang3 to 3.18.0 (#3895)#3903
penghuo merged 1 commit into
opensearch-project:2.19-devfrom
LantaoJin:backport/backport-3895-to-2.19-dev

Uh oh!

Security Report

Re-running checks...