@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks becauses messages that exceed the grpc.max_receive_message_length are buffered or decom ...
Continue Reading
June 13, 2024
A flaw was found in OpenTelemetry Collector. When sending an HTTP or gRPC request with a compressed payload, the Collector only verifies whether the compressed payload is beyond a certain limit but no ...
Continue Reading
June 12, 2024
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...
Continue Reading
June 12, 2024
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...
Continue Reading
June 12, 2024
Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an incoming message has a size on the wire gr ...
Continue Reading
June 11, 2024
Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an incoming message has a size on the wire gr ...
Continue Reading
June 11, 2024
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...
Continue Reading
June 10, 2024
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...
Continue Reading
June 10, 2024
Back to Main
