Dark Reading - h2c Smuggling: A New 'Devastating' Kind of HTTP Request

Jake Miller's recent blog on h2c request smuggling was covered in DarkReading In the post, Jake demonstrates how upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections can allow a bypass of reverse proxy access controls, and lead to long-lived, unrestricted HTTP traffic directly to back-end servers.

Read more here