CVE-2020-14297: Uncontrolled Resource Consumption

May 24, 2022 (updated August 22, 2023)

A flaw was discovered in Wildfly’s EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

References

access.redhat.com/errata/RHSA-2020:3141
access.redhat.com/errata/RHSA-2020:3142
access.redhat.com/errata/RHSA-2020:3143
access.redhat.com/errata/RHSA-2020:3144
access.redhat.com/errata/RHSA-2020:3461
access.redhat.com/errata/RHSA-2020:3462
access.redhat.com/errata/RHSA-2020:3463
access.redhat.com/errata/RHSA-2020:3464
access.redhat.com/errata/RHSA-2020:3501
access.redhat.com/errata/RHSA-2020:3539
access.redhat.com/errata/RHSA-2020:3637
access.redhat.com/errata/RHSA-2020:3638
access.redhat.com/errata/RHSA-2020:3639
access.redhat.com/errata/RHSA-2020:3642
access.redhat.com/errata/RHSA-2020:3817
access.redhat.com/errata/RHSA-2021:3140
access.redhat.com/security/cve/CVE-2020-14297
access.redhat.com/solutions/21906
bugzilla.redhat.com/show_bug.cgi?id=1853595
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
github.com/advisories/GHSA-qcch-9268-59jw
github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
nvd.nist.gov/vuln/detail/CVE-2020-14297

Code Behaviors & Features

Detect and mitigate CVE-2020-14297 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →