Description
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.
Remediation
References
Related Vulnerabilities
Envoy Proxy Improper Handling of Exceptional Conditions Vulnerability (CVE-2024-23325)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-1280)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6455)
WordPress Plugin Events Search For The Events Calendar Security Bypass (1.1.3)