Components Vulnerabilities Pricing MCP API

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

com.aliyun/hadoop-oss 3.3.5-2.0.26-alpha-s… | Sonatype Guide

Get full component data and automated fixes with Sonatype Guide.

Sign up for free

hadoop-oss

3.3.5-2.0.26-alpha-shade

hadoop-oss 3.3.5-2.0.26-alpha-shade

com.aliyun

PublishedApr 30, 2026•Policy

compliance

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (0)

High (2)

Medium (1)

Low (1)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

6.9CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

PublishedJul 14, 2025

8.7sonatype-2024-3350

commons-collections - Uncontrolled Recursion

PublishedAug 13, 2024

7.1CVE-2023-2976

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

3.3sonatype-2020-0926

guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]

PublishedMay 31, 2023

Published

Sep 22, 2020