CVE-2020-14326

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Published: Jun 2, 2021
Updated: May 9, 2024
CVE: CVE-2020-14326
GHSA: GHSA-37g7-8vjj-pjpj
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
redhat / resteasy	4.2.0	4.5.6
org.jboss.resteasy / resteasy-bom	-	4.5.6.Final

https://bugzilla.redhat.com/show_bug.cgi?id=1855826
https://github.com/resteasy/Resteasy/pull/2471
https://security.netapp.com/advisory/ntap-20210713-0001/

Vulnerability Database

289,599

CVE-2020-14326