CVE-2020-11996: Uncontrolled Resource Consumption

June 26, 2020 (updated July 21, 2021)

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

References

nvd.nist.gov/vuln/detail/CVE-2020-11996

Code Behaviors & Features

Detect and mitigate CVE-2020-11996 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →