CVE-2020-14297

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14297

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14297.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-14297

Aliases

GHSA-qcch-9268-59jw

Related

Published

2020-07-24T16:15:11Z

Modified

2024-09-02T22:40:17Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

Affected packages

Git / github.com/wildfly/jboss-ejb-client

Affected ranges

Type: GIT
Repo: https://github.com/wildfly/jboss-ejb-client
Events: Introduced

6d4e9117e19af18e9ea3e60eee7a377c8ad60def

Fixed

7d035a2005e93d462e1756274d3c8199f8bd4313