Cross-Site Request Forgery (CSRF)

github.com/mittwald/kube-httpcache is vulnerable to cross-site request forgery. The vulnerability exists when the HTTP/2 protocol is turned on, allowing an attacker to introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the...

varnish -- HTTP/2 Request Forgery Vulnerability

Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server t...