org.apache.commons:commons-lang3

[xxhoffmann]

Weblogic operator includes
org.apache.commons:commons-lang3 version 3.13.0 which is identified as a vulnerability.

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting withcommons-lang:commons-lang2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before3.18.0. The methods ClassUtils.getClass(...) can throwStackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError couldcause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

[rjeberhard]

Thanks for the report, @xxhoffmann. This dependency is coming from the standard Java Kubernetes client. However, I'll just override it in the operator's pom and get a dot release out as soon as possible.