Skip to content

[BUG] Opensearch 3.2.0 has a vulnerability CVE-2025-48924. #19609

New issue
New issue
Open
Open
[BUG] Opensearch 3.2.0 has a vulnerability CVE-2025-48924.#19609
Labels
PluginsbugSomething isn't workinguntriaged
@shlwb0

Description

@shlwb0
shlwb0
opened on Oct 13, 2025

Describe the bug

Opensearch 3.2.0 only fixed commons-lang3 and did not fix common-lang.

opensearch-3.2.0/plugins/opensearch-knn/commons-lang-2.6.jar

Related component

Plugins

To Reproduce

Scan 3.2.0 image.

Expected behavior

fix opensearch-3.2.0/plugins/opensearch-knn/commons-lang-2.6.jar

Additional Details

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    PluginsbugSomething isn't workinguntriaged

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions