Description
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01)
WordPress Inadequate Encryption Strength Vulnerability (CVE-2012-6707)
WordPress Plugin Weather for us-animated weather widget Crypto Mining (1.8)
WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8)
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2102)