3 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2024-55886
The CVE affects OpenSearch Data Prepper (OpenTelemetry Logs source) where custom GrpcAuthenticationProvider plugins that implement getHttpAuthenticationService() instead of getAuthenticationInterceptor() fail to perform authentication, allowing unauthorized data ingestion. Affected versions: 2.1....
CVE-2025-62371
CVE-2025-62371 relates to OpenSearch Data Prepper plugins (sink/source) defaulting to a trust-all SSL configuration when no cert path is provided. This weakens certificate validation and enables MITM interception of data in transit to OpenSearch clusters. Affected versions precede 2.12.2; the iss...