Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 0, 19.0.0, 0 |
Timeline
- Mar 6, 2024 CVE Published
- Feb 11, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
References
- https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ url
- https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack url
- https://blog.vespa.ai/cve-2023-44487/ url
- https://bugzilla.proxmox.com/show_bug.cgi?id=4988 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 url
- https://bugzilla.suse.com/show_bug.cgi?id=1216123 url
- https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 url
- https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ url
- https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack url
- https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 url
- https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 url
- https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve url
- https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 url
- https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 url
- https://github.com/Azure/AKS/issues/3947 url
- https://github.com/Kong/kong/discussions/11741 url
- https://github.com/advisories/GHSA-qppj-fm5r-hxr3 url
- https://github.com/advisories/GHSA-vx74-f528-fxqg url
- https://github.com/advisories/GHSA-xpw8-rcwv-8f8p url
- https://github.com/akka/akka-http/issues/4323 url
…and 154 more