GitHub - lirantal/CVE-2024-27983-nodejs-http2: CVE-2024-27983 this repository builds up a vulnerable HTTP2 Node.js server (`server-nossl.js`) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers.

This repository builds up a vulnerable HTTP2 Node.js server (server-nossl.js) based on CVE-2024-27983 which exploits a continuation flood vulnerability in HTTP2 servers.

Notes:

server.js is found not vulnerable due to the use of SSL certificates.
server-nossl.js is vulnerable to the continuation flood attack.
client.js is a small client script to test the HTTP2 server.
exploits/ contains the exploit code for the vulnerability based on the HackerOne report.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
exploit		exploit
.gitignore		.gitignore
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
client.js		client.js
fastify-stock-server.js		fastify-stock-server.js
localhost-cert.pem		localhost-cert.pem
localhost-privkey.pem		localhost-privkey.pem
package.json		package.json
server-nossl.js		server-nossl.js
server.js		server.js
start.sh		start.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

License

lirantal/CVE-2024-27983-nodejs-http2

Folders and files

Latest commit

History

Repository files navigation

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages