
Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487

Blog post from Snyk

Post Details

Company: Snyk
Author: Jamie Smith, Kriti Dogra, Anthony Larkin
Word Count: 1,225
Language: English
Summary

A novel "rapid reset" technique that abuses stream multiplexing, a core feature of the widely adopted HTTP/2 protocol, has been disclosed as a High severity vulnerability, CVE-2023-44487. It is believed to affect every web server that implements HTTP/2 and, if exploited, enables extremely large volumetric DDoS attacks. To mitigate the risk, organizations are advised to confirm with their infrastructure and/or CDN provider that they are protected, upgrade affected packages to remediated versions, and consider applying configuration changes and mitigations offered by infrastructure providers and CDNs. Snyk itself is not impacted by this vulnerability and offers several ways to detect and remediate the HTTP/2 vulnerabilities: testing projects locally, using the Snyk CLI, and connecting Git repositories so that pull requests for the required updates are raised automatically. Organizations can also use custom policies to reprioritize the vulnerability's severity and should re-test after adding such custom severity policies.