ALAS-2018-1125 --- nginxID: oval:org.secpod.oval:def:1600964 | Date: (C)2018-12-19 (M)2022-08-24 |
Class: PATCH | Family: unix |
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module if the 'http2' option of the 'listen' directive is used in a configuration file. nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module if the 'http2' option of the 'listen' directive is used in a configuration file
Platform: |
Amazon Linux AMI |