Moderate severityNVD Advisory· Published Dec 8, 2020· Updated Aug 4, 2024

CVE-2020-27822

Description

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.wildfly:wildfly-parentMaven	>= 19.0.0.Final, < 21.0.2.Final	21.0.2.Final
org.wildfly:wildfly-parentMaven	>= 22.0.0.Alpha1, < 22.0.0.Beta1	22.0.0.Beta1

Affected products

N/A/Wildflyv5
Range: 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, 21.0.0.Final

Patches

c8b02f6a0605

Merge pull request #13749 from ehsavoie/WFLY-14094

https://github.com/wildfly/wildflyBrian StansberryNov 30, 2020via ghsa

commit

1 file changed · +1 −1

pom.xml+1 −1 modified

@@ -291,7 +291,7 @@
         <version.io.netty>4.1.51.Final</version.io.netty>
         <version.io.opentracing>0.31.0</version.io.opentracing>
         <version.io.opentracing.concurrent>0.2.1</version.io.opentracing.concurrent>
-        <version.io.opentracing.interceptors>0.0.4</version.io.opentracing.interceptors>
+        <version.io.opentracing.interceptors>0.0.4.1</version.io.opentracing.interceptors>
         <version.io.opentracing.jaxrs2>0.4.1</version.io.opentracing.jaxrs2>
         <version.io.opentracing.tracerresolver>0.1.5</version.io.opentracing.tracerresolver>
         <version.io.opentracing.servlet>0.2.3</version.io.opentracing.servlet>

67ef84fd7aab

[WFLY-14094]: Potential memory leak when using opentracing.

https://github.com/wildfly/wildflyEmmanuel HugonnetNov 30, 2020via ghsa

commit

1 file changed · +1 −1

pom.xml+1 −1 modified

@@ -291,7 +291,7 @@
         <version.io.netty>4.1.51.Final</version.io.netty>
         <version.io.opentracing>0.31.0</version.io.opentracing>
         <version.io.opentracing.concurrent>0.2.1</version.io.opentracing.concurrent>
-        <version.io.opentracing.interceptors>0.0.4</version.io.opentracing.interceptors>
+        <version.io.opentracing.interceptors>0.0.4.1</version.io.opentracing.interceptors>
         <version.io.opentracing.jaxrs2>0.4.1</version.io.opentracing.jaxrs2>
         <version.io.opentracing.tracerresolver>0.1.5</version.io.opentracing.tracerresolver>
         <version.io.opentracing.servlet>0.2.3</version.io.opentracing.servlet>

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-qx3p-9mmp-4v8hghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-27822ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
github.com/wildfly/wildfly/commit/67ef84fd7aab789a535b137e5e506fd29d212455ghsaWEB
github.com/wildfly/wildfly/commit/c8b02f6a0605f4e2abfeaf21d28b7fe76171004bghsaWEB
github.com/wildfly/wildfly/pull/13749ghsaWEB
github.com/wildfly/wildfly/pull/13779ghsaWEB
issues.redhat.com/browse/WFLY-14094ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000