The reverse proxy allows arbitrary values in pseudo-headers and the web application uses the values from an HTTP request to route the request, it leads to an SSRF vulnerability. SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force a server into sending packets to the local interface or to another server behind the firewall. Consult Web References for more information about this problem.


Properly sanitize pseudo-headers of HTTP/2 requests


Related Vulnerabilities