### Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause th ...
Continue Reading
December 15, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.Read M ...
Continue Reading
December 15, 2023
CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7. A patched version of the package is...Read More ...
Continue Reading
December 15, 2023
google.golang.org/grpc is vulnerable to HTTP/2 Stream Cancellation Attack. The vulnerability exists because the library does not enforce the limit of concurrently running handlers set by MaxConcurrent ...
Continue Reading
December 15, 2023
CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...Read More ...
Continue Reading
December 15, 2023
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net. ...
Continue Reading
December 15, 2023
# Golang CVE-2023-44487 testing This repository contains testin...Read More ...
Continue Reading
December 15, 2023
CVE-2022-1941 affecting package grpc 1.35.0-9. No patch is available...Read More ...
Continue Reading
December 15, 2023
Back to Main
