Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Base Score: 7.5 HIGH
There is a known exploit for this vulnerability, so we need to prioritise this despite it being a High severity CVE and not a critical.
https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p