(October 2023) A flaw was found in the HTTP/2 protocol in which a client can repeatedly request a new multiplexed stream and immediately cancel it. As a consequence, the server has to perform extra work setting up and tearing down the streams, without any server-side limit being reached. The result is a denial of service due to server resource consumption.
Openprise does use components that could be affected by the vulnerability. However, the Openprise security team has investigated the impact using a continuous vulnerability scanning tool that can scan specifically for this vulnerability, and determined that the Openprise platform is not compromised.
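The sketch below is an added example, not Openprise code or part of the original notice. It models why the open-and-cancel pattern described above stays under a concurrent-stream limit, and how counting client cancels per connection exposes it. The limit, the reset budget, the window length, all names, and the traffic are assumptions constructed for illustration.

```python
from collections import deque

MAX_CONCURRENT_STREAMS = 100  # assumed server-side limit
RESET_BUDGET = 50             # assumed: client cancels tolerated per window
WINDOW_MS = 1000              # assumed window length in milliseconds


class ConnectionMonitor:
    """Tracks stream opens and client cancels on one HTTP/2 connection."""

    def __init__(self):
        self.open_streams = set()
        self.peak_concurrent = 0
        self.recent_resets = deque()  # timestamps (ms) of client RST_STREAM
        self.flagged_at = None        # time the reset budget was first exceeded

    def on_frame(self, ts, kind, stream_id):
        if kind == "HEADERS":
            self.open_streams.add(stream_id)
            self.peak_concurrent = max(self.peak_concurrent, len(self.open_streams))
        elif kind == "END_STREAM":
            self.open_streams.discard(stream_id)
        elif kind == "RST_STREAM":
            # A cancel frees the concurrency slot at once, so the stream
            # limit is never reached; the cancel itself must be counted.
            self.open_streams.discard(stream_id)
            self.recent_resets.append(ts)
            while ts - self.recent_resets[0] > WINDOW_MS:
                self.recent_resets.popleft()
            if self.flagged_at is None and len(self.recent_resets) > RESET_BUDGET:
                self.flagged_at = ts


def replay(frames):
    """Return (peak concurrent streams, stream limit hit, time flagged or None)."""
    mon = ConnectionMonitor()
    for ts, kind, stream_id in frames:
        mon.on_frame(ts, kind, stream_id)
    limit_hit = mon.peak_concurrent >= MAX_CONCURRENT_STREAMS
    return mon.peak_concurrent, limit_hit, mon.flagged_at


def sample_frames(count, spacing_ms, closing_frame):
    """Constructed traffic: each stream is opened and closed in the same ms."""
    frames = []
    for i in range(count):
        stream_id = 2 * i + 1  # client-initiated stream IDs are odd
        frames.append((i * spacing_ms, "HEADERS", stream_id))
        frames.append((i * spacing_ms, closing_frame, stream_id))
    return frames
```

In all three constructed traces the peak concurrency is 1, so the stream limit alone cannot tell completed requests from cancelled ones; only the reset counter separates them.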