Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Remediation
References
Related Vulnerabilities
WordPress Plugin uContext for Amazon Cross-Site Request Forgery (3.9.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)
TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-39124)