Identifier

CVE-2020-13934

Package Slug

maven/org.apache.tomcat.embed/tomcat-embed-core

Vulnerability

Denial of Service

Description

h2c does not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such upgrade requests are made, an OutOfMemoryException could occur, leading to a denial of service.

Affected Versions

All versions starting from 8.5.1 up to 8.5.56, all versions starting from 9.0.0 up to 9.0.36, version 10.0.0

Solution

Upgrade to versions 8.5.57, 9.0.37 or above.

Last Modified

2020-07-20
