Description
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2009-0990 Vulnerability (CVE-2009-0990)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2890)
WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)
WordPress Plugin Namaste! LMS Cross-Site Scripting (2.5.9.3)