CVE-2020-14326 – org.jboss.resteasy:resteasy-bom

Package

Manager: maven
Name: org.jboss.resteasy:resteasy-bom
Vulnerable Version: >=0 <4.5.6.final

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00499 pctl0.64894

Details

RESTEasy 4.5.5.Final in hash flooding A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Metadata

Created: 2022-03-18T17:58:59Z
Modified: 2022-07-19T18:54:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-37g7-8vjj-pjpj/GHSA-37g7-8vjj-pjpj.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-37g7-8vjj-pjpj
Finding: F002
Auto approve: 1