GHSA-25xr-qj8w-c4vf: Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

GHSA-4j3c-42xv-3f84: Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

GHSA-wr62-c79q-cv37: Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

### Impact

Calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. 

### Patches

Patched in v6.6.1

### Workarounds

Make sure to always consume the incoming body.


**fetch(url) leads to a memory leak in undici**

Moderate severity GitHub Reviewed Published Feb 16, 2024 in nodejs/undici • Updated Feb 16, 2024

Headline

GHSA-9f24-jqhm-jfcw: fetch(url) leads to a memory leak in undici

Impact

Patches

Workarounds

ghsa: Latest News