CVE-2020-14326: Uncontrolled Resource Consumption

March 18, 2022 (updated March 21, 2022)

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=1855826
github.com/advisories/GHSA-37g7-8vjj-pjpj
github.com/resteasy/Resteasy/pull/2471
nvd.nist.gov/vuln/detail/CVE-2020-14326

Code Behaviors & Features

Detect and mitigate CVE-2020-14326 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →