At least some of this document is based on much older versions of QUIC. In particular it mentions RST_STREAM which went away by the end of 2018 in favour of RESET_STREAM.
In fact it's possible it isn't even talking about the proposed IETF protocol QUIC at all, but instead Google's QUIC ("gQUIC" in modern parlance) in which case this might as well be a paper saying the iPhone is vulnerable to an attack but it turns out it means a 1980s device named "iPhone" not the Apple product.
It certainly references a bunch of gQUIC papers, which could mean that's blind references from a hasty Google search by researchers who don't read their own references - but equally could mean they really did do this work on gQUIC.
As you know from carefully reading the paper, it states that they cloned the sites with HTrack and served them on their LAN with "Caddy Server2". Perhaps then we could guess that the version of QUIC they tested is the version of QUIC that Caddy is using: https://github.com/lucas-clemente/quic-go (v0.19.3)