GHSA-37g7-8vjj-pjpj

Source

https://github.com/advisories/GHSA-37g7-8vjj-pjpj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-37g7-8vjj-pjpj/GHSA-37g7-8vjj-pjpj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-37g7-8vjj-pjpj

Aliases

CVE-2020-14326

Published

2022-03-18T17:58:59Z

Modified

2024-02-19T05:25:04.262462Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

RESTEasy 4.5.5.Final in hash flooding

Details

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Database specific

{
    "nvd_published_at": "2021-06-02T12:15:00Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-03T21:18:23Z"
}

References

Affected packages

Maven / org.jboss.resteasy:resteasy-bom

Package

Name: org.jboss.resteasy:resteasy-bom; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.6.Final

Affected versions

1.*

1.2.GA

1.2.1.GA

2.*

2.0-beta-1

2.0-beta-2

2.0-beta-3

2.0-beta-4

2.0-RC1

2.0.0.GA

2.0.1.GA

2.1-beta-1

2.1.0.GA

2.2-beta-1

2.2-RC-1

2.2.0.GA

2.2.1.GA

2.2.2.GA

2.2.3.GA

2.3-beta-1

2.3-RC1

2.3.0.GA

2.3.1.GA

2.3.2.Final

2.3.3.Final

2.3.4.Final

2.3.5.Final

2.3.6.Final

2.3.7.Final

2.3.10.Final

3.*

3.0-beta-1

3.0-beta-2

3.0-beta-3

3.0-beta-4

3.0-beta-5

3.0-beta-6

3.0-rc-1

3.0.0.Final

3.0.1.Final

3.0.2.Final

3.0.3.Final

3.0.4.Final

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.17.Final

3.0.18.Final

3.0.19.Final

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

3.0.26.Final

3.1.0.Beta1

3.1.0.Beta2

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.1.0.Final

3.1.1.Final

3.1.2.Final

3.1.3.Final

3.1.4.Final

3.5.0.CR1

3.5.0.CR2

3.5.0.CR3

3.5.0.CR4

3.5.0.Final

3.5.1.Final

3.6.0.CR1

3.6.0.Final

3.6.1.SP1

3.6.1.SP2

3.6.1.SP3

3.6.1.SP5

3.6.1.SP6

3.6.1.SP7

3.6.1.SP8

3.6.1.Final

3.6.2.Final

3.6.3.SP1

3.6.3.Final

3.7.0.Final

3.8.0.Final

3.8.1.Final

3.9.0.Final

3.9.1.Final

3.9.2.Final

3.9.3.SP1

3.9.3.Final

3.10.0.Final

3.11.0.Final

3.11.1.Final

3.11.2.Final

3.11.3.Final

3.11.4.Final

3.11.5.Final

3.12.0.Final

3.12.1.Final

3.13.0.Final

3.13.1.Final

3.13.2.Final

3.14.0.Final

3.15.0.Alpha1

3.15.0.Final

3.15.1.Final

3.15.2.Final

3.15.3.Final

3.15.6.Final

4.*

4.0.0.Beta1

4.0.0.Beta2

4.0.0.Beta3

4.0.0.Beta4

4.0.0.Beta5

4.0.0.Beta6

4.0.0.Beta7

4.0.0.Beta8

4.0.0.CR1

4.0.0.CR2

4.0.0.CR3

4.0.0.Final

4.1.0.Final

4.1.1.Final

4.2.0.Final

4.3.0.Final

4.3.1.Final

4.4.0.CR1

4.4.0.Final

4.4.1.Final

4.4.2.Final

4.4.3.Final

4.5.0.Final

4.5.1.Final

4.5.2.Final

4.5.3.Final

4.5.4.Final

4.5.5.Final

Database specific

{
    "last_known_affected_version_range": "<= 4.5.5.Final"
}