Medium severity5.9GHSA Advisory· Published Jan 2, 2025· Updated Apr 15, 2026
CVE-2024-8447
CVE-2024-8447
Description
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jboss.narayana.rts:lra-coordinator-jarMaven | < 7.1.0.Final | 7.1.0.Final |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-qq9f-q439-2574ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-8447ghsaADVISORY
- access.redhat.com/errata/RHSA-2025:3357nvdWEB
- access.redhat.com/errata/RHSA-2025:3358nvdWEB
- access.redhat.com/errata/RHSA-2025:7620nvdWEB
- access.redhat.com/security/cve/CVE-2024-8447nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/jbosstm/narayana/commit/eb778412de230afc4687a2df43641280494156c5ghsaWEB
- github.com/jbosstm/narayana/pull/2293nvdWEB
News mentions
0No linked articles in our index yet.