libgrpc.so is vulnerable to Information Disclosure. The vulnerability is due to an error status for a misencoded header not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. This can be exploited to poison the HPACK table between the proxy and the backend such that other clients see failed requests and also to leak other clients HTTP header keys, but not…Read More