An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than ...
Continue Reading
December 15, 2023
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant nu ...
Continue Reading
December 15, 2023
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12781 advisory. - Envoy is an open source edge and service proxy de ...
Continue Reading
December 15, 2023
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12780 advisory. - Envoy is an open source edge and service proxy de ...
Continue Reading
December 15, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. **Rec ...
Continue Reading
December 15, 2023
## Summary This fix upgrades to node 18.18.0 and grpc 1.58.0. ## Vulnerability Details ** CVEID: **[CVE-2023-4785]() ** DESCRIPTION: **Google gRPC is vulnerable to a denial of service, caused by a lac ...
Continue Reading
December 15, 2023
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8570e0055b advisory. gRPC contains a vulnerability whereby a client can cause a ...
Continue Reading
December 15, 2023
## Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of gRPC. ## Vulnerability Details ** CVEID: **[CVE-2023-33953]() ** DESCRIPTION: **gRPC is vulnerable ...
Continue Reading
December 15, 2023
Back to Main
