nginx is vulnerable to Resource Exhaustion
Score: 75 (High Risk)
nginx HTTP/2 request handling does not cap the number of request header fields independently from decoded header size. A client can use HPACK indexed references to send many tiny header fields cheaply, then stall the response stream so per-request allocations remain live. Pre-fix servers can suffer remote memory exhaustion and availability loss from a small number of HTTP/2 connections. The fix adds the max_headers directive with a default limit and rejects requests that exceed it.
You are affected if you are using a version that falls within the vulnerable range and HTTP/2 is enabled.
nginx is vulnerable to Resource Exhaustion in versions 1.9.5 - 1.29.7.
Upgrade nginx to the patched version.
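The two affected-ness conditions above (version inside the stated range, HTTP/2 enabled) can be checked against a host's `nginx -v` banner and `nginx -T` configuration dump. The following is an added example, not code from this advisory or from the nginx project; the function names and sample inputs are constructed for illustration.

```python
import re

# Vulnerable range as stated in the advisory, inclusive on both ends.
VULN_MIN = (1, 9, 5)
VULN_MAX = (1, 29, 7)

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output.

    `nginx -v` writes a line such as 'nginx version: nginx/1.25.3' to stderr.
    """
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version found in banner: %r" % banner)
    return tuple(int(part) for part in m.groups())

def http2_enabled(conf):
    """Return True if the config text enables HTTP/2.

    Recognizes the `http2` parameter of `listen` and the standalone
    `http2 on;` directive. Simplification (assumption of this example):
    a '#' inside a quoted string is treated as a comment start.
    """
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    # Treat braces as statement separators so each directive stands alone.
    for stmt in text.replace("{", ";").replace("}", ";").split(";"):
        words = stmt.split()
        if not words:
            continue
        if words[0] == "listen" and "http2" in words[1:]:
            return True
        if words[:2] == ["http2", "on"]:
            return True
    return False

def is_affected(banner, conf):
    """Both advisory conditions: version in range AND HTTP/2 enabled."""
    version = parse_version(banner)
    return VULN_MIN <= version <= VULN_MAX and http2_enabled(conf)

# Constructed sample inputs (not taken from a real host).
CONF_LISTEN_H2 = "server {\n    listen 443 ssl http2;\n}\n"
CONF_DIRECTIVE_H2 = "server {\n    listen 443 ssl;\n    http2 on;\n}\n"
CONF_H2_COMMENTED = "server {\n    listen 443 ssl;\n    # http2 on;\n}\n"

if __name__ == "__main__":
    for conf in (CONF_LISTEN_H2, CONF_DIRECTIVE_H2, CONF_H2_COMMENTED):
        print(is_affected("nginx version: nginx/1.25.3", conf))
```

On a real host, pass the captured output of `nginx -v` (stderr) and `nginx -T` so that included configuration files are covered as well.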