WhisperX tag archive

#http2

This page collects WhisperX intelligence signals tagged #http2. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (9)

The Lab · 2026-03-30 02:26:58 · GitHub Issues

1. OpenBao Secrets Operator Exposed to HTTP/2 CONTINUATION Flood Attack (GO-2024-2687)

A critical security vulnerability in the OpenBao Secrets Operator's main branch exposes systems to a resource exhaustion attack. The flaw, identified as GO-2024-2687, allows a malicious actor to force an HTTP/2 endpoint to process arbitrary, excessive amounts of header data by bombarding it with CONTINUATION frames. Th...

The Lab · 2026-03-26 02:26:58 · GitHub Issues

2. OpenBao Secrets Operator Exposed to HTTP/2 CONTINUATION Flood Attack (GO-2024-2687)

A critical security flaw in the OpenBao Secrets Operator's main branch exposes systems to a resource exhaustion attack via the HTTP/2 protocol. The vulnerability, identified as GO-2024-2687, allows a malicious actor to force an HTTP/2 endpoint to parse and process "arbitrary amounts" of header data by bombarding it wit...

The Lab · 2026-03-26 21:27:19 · GitHub Issues

3. Golang HTTP/2 Vulnerability: Sending Specific Frames Can Crash Servers (CVE-2026-27141)

A critical vulnerability in the widely used `golang.org/x/net` library allows a simple HTTP/2 request to crash Go-based servers. The flaw, tracked as CVE-2026-27141 (GO-2026-4559), stems from a missing nil check in the HTTP/2 frame handling code. Specifically, sending frames with type codes between 0x0a and 0x0f will t...

The Lab · 2026-03-28 02:26:51 · GitHub Issues

4. OpenBao Secrets Operator: HTTP/2 CONTINUATION Flood Vulnerability (GO-2024-2687) Exposes Denial-of-Service Risk

A critical security flaw in the OpenBao Secrets Operator's main branch exposes systems to a resource exhaustion attack. The vulnerability, identified as GO-2024-2687, allows a malicious actor to force an HTTP/2 endpoint to parse and decode arbitrary amounts of header data by sending an excessive stream of CONTINUATION ...

The Lab · 2026-04-02 11:27:19 · GitHub Issues

5. Apache HttpComponents Security Flaw Flagged in Internal Scan: HTTP/2 Vulnerability Introduced in Version 6.3.3

An internal security scan has flagged a newly identified vulnerability within the Apache HttpComponents HttpCore library, specifically affecting its HTTP/2 implementation. The security issue was introduced in version 6.3.3, raising immediate concerns for any systems or applications that have recently updated to this re...

The Lab · 2026-04-03 01:27:02 · GitHub Issues

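6. OpenBao Secrets Operator Main Branch Exposed to HTTP/2 Flood Vulnerability GO-2024-2687; Attackers Can Force Reading of Arbitrary Amounts of Header Data

A serious, exploitable security vulnerability has been found in the main-branch codebase of the OpenBao Secrets Operator project. The vulnerability, tracked as GO-2024-2687, is present in several core dependencies, including `golang.org/x/net`. By sending an excessive number of CONTINUATION frames to an HTTP/2 endpoint, an attacker can force the server to read an arbitrary amount of header data, potentially exhausting server resources or causing a service outage. The vulnerability's threat level is "reachable", meaning there is a risk of exploitation in existing code paths. Specifically, the vulnerability stems from a flaw in how the HTTP/2 protocol implementation handles CONTINUATION frames. To maintain HPACK state, the server must parse and process all HEADERS and CONTINUATION ...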

The Lab · 2026-05-08 04:16:15 · The Hacker News

7. Apache HTTP/2 Server Flaw CVE-2026-23918: Double-Free Bug Raises Remote Code Execution Risk

The Apache Software Foundation has released security patches addressing a vulnerability in its HTTP Server product, specifically affecting HTTP/2 protocol handling. Tracked as CVE-2026-23918 with a CVSS score of 8.8, the flaw stems from a double-free memory error that could potentially allow remote code execution, alon...

The Lab · 2026-05-14 01:48:28 · GitHub Issues

9. Critical Authorization Bypass in gRPC-Go Forces Emergency Patch to v1.79.3

A critical authorization bypass vulnerability in google.golang.org/grpc has been patched, requiring immediate upgrades from v1.75.1 to v1.79.3. Tracked as CVE-2026-33186 and GHSA-p77j-4mvh-x3m3, the flaw allows attackers to bypass authorization checks through improper validation of the HTTP/2 `:path` pseudo-header. Th...