{"api_version":"1","generated_at":"2026-04-23T02:35:45+00:00","cve":"CVE-2020-14326","urls":{"html":"https://cve.report/CVE-2020-14326","api":"https://cve.report/api/cve/CVE-2020-14326.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14326","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14326"},"summary":{"title":"CVE-2020-14326","description":"A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-06-02 12:15:00","updated_at":"2022-07-15 17:38:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1855826","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1855826","refsource":"MISC","tags":[],"title":"1855826 – (CVE-2020-14326) CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210713-0001/","name":"https://security.netapp.com/advisory/ntap-20210713-0001/","refsource":"CONFIRM","tags":[],"title":"CVE-2020-14326 RESTEasy Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14326","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14326","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14326","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14326","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"integration_camel_k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14326","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"resteasy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14326","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"RESTEasy","version":{"version_data":[{"version_value":"RESTEasy 4.5.6.Final"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1855826","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1855826"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210713-0001/","url":"https://security.netapp.com/advisory/ntap-20210713-0001/"}]},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service."}]}},"nvd":{"publishedDate":"2021-06-02 12:15:00","lastModifiedDate":"2022-07-15 17:38:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.5.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14326","Ordinal":"175556","Title":"CVE-2020-14326","CVE":"CVE-2020-14326","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14326","Ordinal":"1","NoteData":"A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14326","Ordinal":"2","NoteData":"2021-06-02","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14326","Ordinal":"3","NoteData":"2021-07-13","Type":"Other","Title":"Modified"}]}}}