go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression

2024-06-1413:41:08

Google

osv.dev

zstd decompression bombing

vulnerability

go-grpc-compression

mostynb

github

software

7.1 High

AI Score

Confidence

Low

go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression

CPENameOperatorVersion
github.com/mostynb/go-grpc-compressionlt1.2.3
github.com/mostynb/go-grpc-compressionge1.1.4

CPE	Name	Operator	Version
	github.com/mostynb/go-grpc-compression	lt	1.2.3
	github.com/mostynb/go-grpc-compression	ge	1.1.4

References

github.com/mostynb/go-grpc-compression/commit/629c44d3acb9624993cc7de629f47d72109e2ce5

github.com/mostynb/go-grpc-compression/security/advisories/GHSA-87m9-rv8p-rgmg

7.1 High

AI Score

Confidence

Low