An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.0.x to 8.5.56 and 7.x did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch ${basename
Description
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.0.x to 8.5.56 and 7.x did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
HIGH Vulnerable Package issue exists @ org.apache.tomcat:tomcat-coyote in branch ${basename
Vulnerability ID: CVE-2020-13934
Package Name: org.apache.tomcat:tomcat-coyote
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2020-07-14T15:15:00
Current Package Version: 9.0.22
Remediation Upgrade Recommendation: 9.0.48
Link To SCA
Reference – NVD link