Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zN2c3LTh2amotcGpwas00JA
Hash flooding in RESTEasy 4.5.5.Final
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.
Permalink: https://github.com/advisories/GHSA-37g7-8vjj-pjpj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zN2c3LTh2amotcGpwas00JA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-37g7-8vjj-pjpj, CVE-2020-14326
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-14326
- https://github.com/resteasy/Resteasy/pull/2471
- https://bugzilla.redhat.com/show_bug.cgi?id=1855826
- https://security.netapp.com/advisory/ntap-20210713-0001/
- https://github.com/advisories/GHSA-37g7-8vjj-pjpj
Blast Radius: 18.8
Affected Packages
maven:org.jboss.resteasy:resteasy-bom
Dependent packages: 47
Dependent repositories: 326
Downloads:
Affected Version Ranges: <= 4.5.5.Final
Fixed in: 4.5.6.Final
All affected versions:
All unaffected versions: