CVE-2017-5650: Improper Resource Shutdown or Release
The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
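The resource-release flaw described above, as an added Python model (not code from the affected project): worker threads block until the send window opens, and the GOAWAY handler either leaves them waiting or closes their streams so the threads return. The `Connection` class, the `simulate` helper and the probe timeout are assumptions made for illustration.

```python
import threading
from collections import Counter


class Connection:
    """Toy model of the send side of one HTTP/2 connection (hypothetical)."""

    def __init__(self, release_on_goaway):
        self.release_on_goaway = release_on_goaway
        self.cond = threading.Condition()
        self.window = 0      # flow-control window exhausted: writers must wait
        self.closed = False

    def write(self, probe_timeout):
        """Runs on a worker thread; blocks until a WINDOW_UPDATE or a close."""
        with self.cond:
            # The timeout exists only so this demo terminates. In the flawed
            # behaviour the wait has no natural end and the thread stays held.
            ready = self.cond.wait_for(
                lambda: self.window > 0 or self.closed, probe_timeout)
            if not ready:
                return "thread still held"
            if self.closed:
                return "stream closed"
            self.window -= 1
            return "written"

    def on_goaway(self):
        if not self.release_on_goaway:
            return  # flawed: streams waiting on the window are never closed
        with self.cond:
            self.closed = True       # corrected: mark the streams closed ...
            self.cond.notify_all()   # ... and wake every waiting writer


def simulate(release_on_goaway, streams=4, probe_timeout=0.3):
    """Start `streams` blocked writers, deliver GOAWAY, report the outcomes."""
    conn = Connection(release_on_goaway)
    results = []
    workers = [threading.Thread(target=lambda: results.append(conn.write(probe_timeout)))
               for _ in range(streams)]
    for w in workers:
        w.start()
    conn.on_goaway()
    for w in workers:
        w.join()
    return dict(Counter(results))


if __name__ == "__main__":
    print("flawed GOAWAY handling:   ", simulate(False))
    print("corrected GOAWAY handling:", simulate(True))
```

With a bounded worker pool, each "thread still held" outcome is one thread unavailable to other requests, which is why the corrected handler releases waiters as part of connection shutdown.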