denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
Discription
An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, `grpc.MaxConcurrentStreams`. This results in a denial of service due to resource consumption.Read More
References
Back to Main