You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in grpc/grpc#32309https://www.google.com/url
CVE-2023-32732 - Medium Severity Vulnerability
Vulnerable Library - grpcv1.20.0-pre3
The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)
Library home page: https://github.com/grpc/grpc.git
Found in base branch: master
Vulnerable Source Files (2)
/node_modules/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/internal.h
/node_modules/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/internal.h
Vulnerability Details
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for
-bin
suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in grpc/grpc#32309 https://www.google.com/urlPublish Date: 2023-06-09
URL: CVE-2023-32732
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2023-06-09
Fix Resolution: v1.53.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: