BIT-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.Read M ...

Continue Reading

December 15, 2023

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7

CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7. A patched version of the package is...Read More ...

Continue Reading

December 15, 2023

HTTP/2 Stream Cancellation Attack

google.golang.org/grpc is vulnerable to HTTP/2 Stream Cancellation Attack. The vulnerability exists because the library does not enforce the limit of concurrently running handlers set by MaxConcurrent ...

Continue Reading

December 15, 2023

CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4

CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...Read More ...

Continue Reading

December 15, 2023

Code injection

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net. ...

Continue Reading

December 15, 2023

Exploit for Uncontrolled Resource Consumption in Ietf Http

# Golang CVE-2023-44487 testing This repository contains testin...Read More ...

Continue Reading

December 15, 2023

CVE-2022-1941 affecting package grpc 1.35.0-9

CVE-2022-1941 affecting package grpc 1.35.0-9. No patch is available...Read More ...

Continue Reading

December 15, 2023

CVE-2023-47108

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `n ...

Continue Reading

December 15, 2023

1 87 88 89 90 91 128

Back to Main
Subscribe for the latest news: