org.apache.httpcomponents.core5:httpcore5-h2@5.3.4

latest version

5.4.2

latest non vulnerable version

5.5-alpha1

first published

9 years ago

latest version published

1 months ago

licenses detected

Apache-2.0
[5.0-alpha2,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.httpcomponents.core5:httpcore5-h2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) due to incorrect stream accounting in the handling of server-sent stream resets. An attacker can cause excessive server resource consumption by rapidly opening streams and triggering resets using malformed frames or flow control errors, resulting in the server processing an unbounded number of concurrent streams on a single connection. How to fix Denial of Service (DoS)? Upgrade `org.apache.httpcomponents.core5:httpcore5-h2` to version 5.3.5 or higher.	[,5.3.5)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to incorrect stream accounting in the handling of server-sent stream resets. An attacker can cause excessive server resource consumption by rapidly opening streams and triggering resets using malformed frames or flow control errors, resulting in the server processing an unbounded number of concurrent streams on a single connection.

How to fix Denial of Service (DoS)?

Upgrade org.apache.httpcomponents.core5:httpcore5-h2 to version 5.3.5 or higher.

[,5.3.5)

Go back to all versions of this package