## Security Advisory 0071

#### **Date:** January 11th, 2022

Revision | Date | Changes
---|---|---
1.0 | January 11th, 2022 | Initial release

### Security Advisory 0071

The CVE-ID tracki ...
June 30, 2023
Learn about the security capabilities of GraphQL and gRPC, how they perform authentication/authorization, and how they compare to REST. In addition, discover common attack vectors for both API framewo ...
June 20, 2023
### Impact

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.

### Patches

The problem has b ...
June 19, 2023
### Impact

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of se ...
June 19, 2023
### Impact

Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service.

### Patches

The problem has been fixed in 1 ...
June 19, 2023
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling `GOAWAY` frames. The attack is low-effort: it takes very little ...
June 19, 2023
This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Go ...
June 19, 2023
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...
June 16, 2023