Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Academic People List Cross-Site Scripting (0.4.1)
WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)
WordPress Plugin WooCommerce SQL Injection (5.5.0)
WordPress Plugin DW Question & Answer Cross-Site Scripting (1.4.2.2)
IBM WebSEAL Incorrect Authorization Vulnerability (CVE-2023-38368)