A Closer Look at Recent HTTP/2 Vulnerabilities Affecting K8s and Other Implementations
A couple of weeks ago, Netflix disclosed a number of resource exhaustion vulnerabilities (identified by Jonathan Looney) present in many third-party HTTP/2 implementations. Notably, this directly affected h2 endpoints in Kubernetes (via the Go libraries net/http and x/net/http2) as well as other projects like nginx. Yes, it even has a logo. Though DoS weaknesses usually aren’t particularly …