gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.grpc:grpc-protobuf(Maven) | 1.53.0 | 1.53.1 | N/A |
| grpcio(PyPI) | 1.53.0 | 1.53.1 | N/A |
| grpc(RubyGems) | 1.53.0 | 1.53.1 | N/A |
| io.grpc:grpc-protobuf(Maven) | 1.54.0 | 1.54.2 | N/A |
| grpcio(PyPI) | 1.54.0 | 1.54.2 | N/A |
| grpc(RubyGems) | 1.54.0 | 1.54.2 | N/A |
CVSS Metrics
