GMS-2022-410: HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods

March 14, 2022 (updated March 17, 2022)

Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities.

References

github.com/advisories/GHSA-32gv-6cf3-wcmq
github.com/twisted/twisted/security/advisories/GHSA-32gv-6cf3-wcmq

Detect and mitigate GMS-2022-410 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →