CVE-2020-14307

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-14307
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14307.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14307
Downstream
Published
2020-07-24T16:15:11.897Z
Modified
2026-02-06T05:17:38.106849Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3f67c59e219c05eb3165725611d9b47f0a3e012d
Last affected
b60c6d72270e814883631352805348a9d462e8a1
Last affected
e6a274ea0e31c6572e795f3372f006c88122539b

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14307.json"