A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
[
{
"vendor": "n/a",
"product": "undertow",
"versions": [
{
"version": "Fixed in 2.2.15.Final",
"status": "affected"
}
]
}
]