What is CVE-2020-1714?

CVE-2020-1714 is a high-severity vulnerability in Quarkus, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2020-05-13.

How severe is CVE-2020-1714?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2020-1714 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Quarkus

CVE-2020-1714

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.026 (83.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Quarkus
Red Hat Keycloak — versions before 11.0.0
Redhat Decision_manager — versions 7.0
Redhat Jboss_fuse — versions 7.0.0
Redhat Keycloak
Redhat Openshift_application_runtimes
Redhat Process_automation — versions 7.0
Redhat Single_sign-on — versions 7.0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

PalindromeLabs/Java-Deserialization-CVEs

References

secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)

Frequently asked questions

What is CVE-2020-1714?: CVE-2020-1714 is a high-severity vulnerability in Quarkus, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2020-05-13.
How severe is CVE-2020-1714?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2020-1714 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.