Closed m-tanner closed 10 months ago
Describe the bug The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional context https://nvd.nist.gov/vuln/detail/CVE-2023-44487
this was fixed in https://github.com/twitter/finagle/commit/cfe398416da37216fd344735d2278eca2d623452
mattdickinson5
commented
10 months ago
Describe the bug The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional context https://nvd.nist.gov/vuln/detail/CVE-2023-44487