google.golang.org/grpc is vulnerable to HTTP/2 Stream Cancellation Attack. The vulnerability exists because the library does not enforce the limit of concurrently running handlers set by MaxConcurrent ...
Continue Reading
December 15, 2023
Imperva named an Overall Leader We're thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management rep ...
Continue Reading
December 15, 2023
Lack of error handling in the TCP server in Google's gRPC starting ver ...Read More ...
Continue Reading
December 15, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.Read M ...
Continue Reading
December 15, 2023
Hi, Spring fans! Welcome to another installment of _This Week in Spring_ - **Java 21 edition**! The big news, indeed, the _biggest_ news, is that Java 21 is now available here! You should use [SDKMAN] ...
Continue Reading
December 15, 2023
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details ** CVEID: CVE-2023-1370 DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of ...
Continue Reading
December 15, 2023
An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than ...
Continue Reading
December 15, 2023
## Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of gRPC. ## Vulnerability Details ** CVEID: **[CVE-2023-33953]() ** DESCRIPTION: **gRPC is vulnerable ...
Continue Reading
December 15, 2023
Back to Main
