## Overview "The package `grpc` before 1.24.4 and the package `@grpc/grpc-js` before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." ## Recommendation Upgrade to version 1.1.8 ...
Continue Reading
May 30, 2022
A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial ...
Continue Reading
May 30, 2022
GRPC for low-memory environments. The existing grpc-go project requires a lot of memory overhead for importing packages and at runtime. While this is great for many services with low den sity require ...
Continue Reading
May 30, 2022
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-pri ...
Continue Reading
May 30, 2022
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT clai ...
Continue Reading
May 30, 2022
An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of t ...
Continue Reading
May 30, 2022
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.Read More ...
Continue Reading
May 30, 2022
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursio ...
Continue Reading
May 30, 2022
Back to Main
