Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities:
Ping flood: https://vulners.com/cve/CVE-2019-9512
Reset flood: https://vulners.com/cve/CVE-2019-9514
Settings flood: https://vulners.com/cve/CVE-2019-9515
A Twisted web server supports HTTP/2 requests if you’ve installed the http2
optional dependency set.
There are no workarounds.
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
If you have any questions or comments about this advisory: