http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
High
Vulnerability Details
I'd like to report a Node.js vulnerability (CVE-2024-22019) that was recently fixed:
- HackerOne report: https://hackerone.com/reports/2233486
- Release notes: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
## Impact
This is a major issue because it allows unbounded resource (CPU, network bandwidth) consumption of the standard Node.js http server. The standard methods which could help block malicious requests, like timeouts and limiting request body size, do not seem to work.
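
Added example, not code from the report or from Node.js: a minimal chunked-body decoder showing that chunk-extension bytes are read from the wire but never counted in the decoded body, so a limit on body size does not see them, and that a separate per-chunk extension cap rejects them. The names `decodeChunked` and `MAX_EXT_BYTES`, the cap value of 64, and the sample input are assumptions constructed for illustration.

```javascript
'use strict';
// Illustrative decoder for Transfer-Encoding: chunked (not Node.js's parser).
// MAX_EXT_BYTES is an assumed per-chunk cap chosen for this example.
const MAX_EXT_BYTES = 64;

function decodeChunked(buf, maxExt = MAX_EXT_BYTES) {
  let pos = 0, bodyBytes = 0, extBytes = 0;
  const parts = [];
  for (;;) {
    const eol = buf.indexOf('\r\n', pos);
    if (eol === -1) throw new Error('incomplete chunk header');
    const header = buf.toString('latin1', pos, eol);
    const semi = header.indexOf(';');
    const sizeHex = (semi === -1 ? header : header.slice(0, semi)).trim();
    if (!/^[0-9a-fA-F]+$/.test(sizeHex)) throw new Error('bad chunk size');
    // Everything from ';' up to CRLF is chunk extension: it costs bytes on
    // the wire and parser time, but is never part of the request body.
    const ext = semi === -1 ? 0 : header.length - semi;
    if (ext > maxExt) throw new Error('chunk extension too large');
    extBytes += ext;
    const size = parseInt(sizeHex, 16);
    pos = eol + 2;
    if (size === 0) break; // last chunk; trailer fields are not parsed here
    if (pos + size + 2 > buf.length) throw new Error('incomplete chunk data');
    if (buf.toString('latin1', pos + size, pos + size + 2) !== '\r\n') {
      throw new Error('missing CRLF after chunk data');
    }
    parts.push(buf.subarray(pos, pos + size));
    bodyBytes += size;
    pos += size + 2;
  }
  return { body: Buffer.concat(parts), bodyBytes, extBytes, wireBytes: pos };
}

// Constructed sample: one 5-byte chunk carrying a short extension.
const sample = Buffer.from('5;note=constructed\r\nhello\r\n0\r\n\r\n', 'latin1');
// Constructed sample: 1 body byte, 101 extension bytes in the same chunk.
const padded = Buffer.from('1;' + 'x'.repeat(100) + '\r\na\r\n0\r\n\r\n', 'latin1');

console.log(decodeChunked(sample));           // accepted under the cap
console.log(decodeChunked(padded, Infinity)); // uncapped: body stays at 1 byte
```

With the cap disabled, the second sample decodes to a one-byte body while the extension bytes are tracked separately, which is the accounting gap a body-size limit cannot close on its own.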
Report Stats
- Report ID: 2375446
- State: Closed
- Substate: resolved
- Upvotes: 40