The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.0.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-007 advisory. ...
Continue ReadingDecember 15, 2023
google.golang.org/grpc is vulnerable to HTTP/2 Stream Cancellation Attack. The vulnerability exists because the library does not enforce the limit of concurrently running handlers set by MaxConcurrent ...
Continue ReadingDecember 15, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue ReadingDecember 15, 2023
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net. ...
Continue ReadingDecember 15, 2023
CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7. A patched version of the package is...Read More ...
Continue ReadingDecember 15, 2023
### Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause th ...
Continue ReadingDecember 15, 2023
swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-n ...
Continue ReadingDecember 15, 2023
Hi, Spring fans! Welcome to another installment of _This Week in Spring_ - **Java 21 edition**! The big news, indeed, the _biggest_ news, is that Java 21 is now available here! You should use [SDKMAN] ...
Continue ReadingDecember 15, 2023
Back to Main