Node.js: HTTP2 ‘unknownProtocol’ cause Denial of Service by resource exhaustion

**Summary:** Node.js http2 server is vulnerable against denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. ...

Continue Reading
Prototype Pollution

## Overview "The package `grpc` before 1.24.4 and the package `@grpc/grpc-js` before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." ## Recommendation Upgrade to version 1.1.8 ...

Continue Reading
Prototype pollution in grpc and @grpc/grpc-js

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."Read More ...

Continue Reading
Prototype pollution in grpc and @grpc/grpc-js

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."Read More ...

Continue Reading
What does Zero Trust mean for API security?

The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump ...

Continue Reading
CVE-2021-28682

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial ...

Continue Reading
(RHSA-2020:5634) Moderate: OpenShift Container Platform 4.7.0 packages security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages ...

Continue Reading
Prototype Pollution in grpc/grpc-node

# Description `grpc` native core package is vulnerable to `Prototype Pollution`. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. # Pro ...

Continue Reading

Back to Main

Subscribe for the latest news: