什么是“python优先级库”?

2021-10-17 17:05:06 发布

您现在位置:Python中文网/ 问答频道 /正文

我正在评估我正在工作的项目是否受到cve列表的影响,包括CVE-2016-6580。你知道吗

弱点是。。。你知道吗

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.

什么是“Python优先级库”?我想去,但该项目似乎是完全未知的,除了被提到在特定的CVE。你知道吗

有人知道更多的信息吗?你知道吗