pingora is vulnerable to Resource Exhaustion
75
High Risk
Cloudflare Pingora HTTP/2 handling is vulnerable to an HPACK indexed-reference header bomb combined with response flow-control stalling. A client can send many cheap header references and keep the server from freeing per-request allocations. Affected servers can suffer remote memory exhaustion and availability loss through HTTP/2 traffic. Version 0.8.1 bounds default HTTP/2 server limits to mitigate memory exhaustion.
You are affected if you are using a version that falls within the vulnerable range and HTTP/2 is enabled.
pingora is vulnerable to Resource Exhaustion in versions 0.0.1 - 0.8.0.
Upgrade the pingora library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant