Bug 13872

Please patch CVEs for package jboss-remoting version 4.0.21
  
INFO (CVEs are): jboss-remoting 4.0.21
 cves found
CVE-2019-19343
Desc: A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-19343
Severity: HIGH
CVE-2020-35510
Desc: A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-35510
Severity: MEDIUM