trafficserver is vulnerable to privilege escalation. The vulnerability exists due to the improper input validation in the HTTP/2 requests, allowing an attacker to create smuggle or cache poison attacks through the malicious HTTP/2 requests.
lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/
lists.fedoraproject.org/archives/list/[email protected]/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/
lists.fedoraproject.org/archives/list/[email protected]/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/
security-tracker.debian.org/tracker/CVE-2022-25763
www.debian.org/security/2022/dsa-5206