CVE-2024-5469

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC...Read More ...

Continue Reading
CVE-2024-5469

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC...Read More ...

Continue Reading
CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...

Continue Reading
Denial Of Service (DoS)

@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks becauses messages that exceed the grpc.max_receive_message_length are buffered or decom ...

Continue Reading
CVE-2024-36129

A flaw was found in OpenTelemetry Collector. When sending an HTTP or gRPC request with a compressed payload, the Collector only verifies whether the compressed payload is beyond a certain limit but no ...

Continue Reading
CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...

Continue Reading
CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b ...

Continue Reading
@grpc/grpc-js can allocate memory for incoming messages well above configured limits

Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an incoming message has a size on the wire gr ...

Continue Reading

Back to Main

Subscribe for the latest news: