Jinwoo Hwang created GEODE-10591:
------------------------------------
Summary: Remediation of CVE-2026-49268
Key: GEODE-10591
URL: https://issues.apache.org/jira/browse/GEODE-10591
Project: Geode
Issue Type: Improvement
Reporter: Jinwoo Hwang
Assignee: Jinwoo Hwang
Affected versions of this package are vulnerable to Allocation of Resources
Without Limits or Throttling due to the lack of enforced limits in the
`HPackDecoder` process. An attacker can exhaust system memory by sending
oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement
applies the configured header list size limit.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)