Description
When the reverse proxy allows arbitrary values in pseudo-headers and the web application uses values from the HTTP request to route that request, the result is an SSRF vulnerability. Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to force a server into sending packets to the local interface or to another server behind the firewall. Consult Web References for more information about this problem.
Remediation
Properly sanitize pseudo-headers of HTTP/2 requests
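One way to apply this remediation before routing, shown as an added example (not code from this page or from any product). The function name, the allowlisted host and scheme, and the policy of requiring all four pseudo-headers on ordinary (non-CONNECT) requests are assumptions of the example.

```python
import re

# Assumption: hosts this proxy is allowed to route to (constructed values).
ALLOWED_AUTHORITIES = {"app.example.com", "app.example.com:443"}
ALLOWED_SCHEMES = {"https"}
REQUIRED = (":method", ":scheme", ":path", ":authority")
# Control characters and whitespace have no place in a pseudo-header value.
FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")
# host or host:port only: rejects userinfo ("@"), slashes and other URL syntax.
AUTHORITY_RE = re.compile(r"^[a-z0-9.-]+(:\d{1,5})?$")
# Constructed sample request (not from the page).
SAMPLE = [(":method", "GET"), (":scheme", "https"),
          (":path", "/index.html"), (":authority", "app.example.com")]


def validate_pseudo_headers(headers):
    """Return (ok, reason) for a list of (name, value) pairs in wire order."""
    seen = {}
    regular_started = False
    for name, value in headers:
        if not name.startswith(":"):
            regular_started = True
            continue
        if regular_started:
            return False, f"{name} appears after a regular header"
        if name not in REQUIRED:
            return False, f"unknown pseudo-header {name}"
        if name in seen:
            return False, f"duplicate {name}"
        if FORBIDDEN.search(value):
            return False, f"{name} contains whitespace or control characters"
        seen[name] = value
    missing = [n for n in REQUIRED if n not in seen]
    if missing:
        return False, f"missing {missing[0]}"
    if seen[":scheme"].lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    authority = seen[":authority"].lower()
    if not AUTHORITY_RE.match(authority) or authority not in ALLOWED_AUTHORITIES:
        return False, "authority not allowed"
    # Origin-form only: an absolute URL or "//host" in :path can redirect routing.
    path = seen[":path"]
    if not path.startswith("/") or path.startswith("//"):
        return False, "path is not origin-form"
    return True, "ok"
```

Requests that fail the check should be rejected rather than rewritten, so the backend never sees a value the proxy did not accept.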
References
Related Vulnerabilities
WordPress Plugin Nelio AB Testing Server-Side Request Forgery (4.5.10)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
Apache Struts2 Remote Command Execution (S2-052)
WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15)