Skip to content

[GEODE-10590] Remediation of CVE-2026-54428#8016

Open
JinwooHwang wants to merge 3 commits into
apache:developfrom
JinwooHwang:feature/GEODE-10590
Open

[GEODE-10590] Remediation of CVE-2026-54428#8016
JinwooHwang wants to merge 3 commits into
apache:developfrom
JinwooHwang:feature/GEODE-10590

Conversation

@JinwooHwang

Copy link
Copy Markdown
Contributor

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the HPackDecoder process. An attacker can exhaust system memory by sending oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement applies the configured header list size limit.

For all changes, please confirm:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
  • Has your PR been rebased against the latest commit within the target branch (typically develop)?
  • Is your initial contribution a single, squashed commit?
  • Does gradlew build run cleanly?
  • Have you written or updated unit tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

@JinwooHwang JinwooHwang requested a review from marinov-code July 13, 2026 13:13
@JinwooHwang JinwooHwang changed the title Remediation of CVE-2026-54428 GEODE-10590 Remediation of CVE-2026-54428 Jul 13, 2026
@JinwooHwang JinwooHwang changed the title GEODE-10590 Remediation of CVE-2026-54428 [GEODE-10590] Remediation of CVE-2026-54428 Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants