CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...Read More ...
Continue Reading15 декабря, 2023
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc is vulnerable to Denial of Service. The vulnerability is caused by the grpc unary server interceptor having out of the box l ...
Continue Reading15 декабря, 2023
Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then ...
Continue Reading15 декабря, 2023
## Summary This fix upgrades to node 18.18.0 and grpc 1.58.0. ## Vulnerability Details ** CVEID: **[CVE-2023-4785]() ** DESCRIPTION: **Google gRPC is vulnerable to a denial of service, caused by a lac ...
Continue Reading15 декабря, 2023
google.golang.org/grpc is vulnerable to HTTP/2 Stream Cancellation Attack. The vulnerability exists because the library does not enforce the limit of concurrently running handlers set by MaxConcurrent ...
Continue Reading15 декабря, 2023
CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7. A patched version of the package is...Read More ...
Continue Reading15 декабря, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.Read M ...
Continue Reading15 декабря, 2023
A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's mem ...
Continue Reading15 декабря, 2023
Back to Main