Lucene search
K

7 matches found

Veracode
Veracode
added 2024/06/12 7:45 a.m.22 views

Denial Of Service (DoS)

@grpc/grpc-js is vulnerable to Denial of Service DoS. The vulnerability is due to improper message size checks becauses messages that exceed the grpc.maxreceivemessagelength are buffered or decompressed in entirety before being discarded, which can result in DoS...

5.3CVSS6.6AI score0.00671EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/06/10 9:32 p.m.43 views

CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: If an...

5.3CVSS0.00671EPSS
Exploits0References4
CVE
CVE
added 2024/06/10 9:32 p.m.359 views

CVE-2024-37168

CVE-2024-37168 affects @grpc/grpc-js (pure JavaScript implementation of gRPC). Before the fixes, two code paths could buffer or decompress messages that exceed grpc.max_receive_message_length, potentially causing memory allocation in excess of the limit. This could occur when a message arrives la...

5.3CVSS5.1AI score0.00671EPSS
Exploits0References4
Node.js
Node.js
added 2021/05/10 7:18 p.m.84 views

Prototype Pollution

Overview "The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." Recommendation Upgrade to version 1.1.8 or later References - CVE - GitHub Advisory...

5CVSS5.2AI score0.03554EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/11/11 11:15 a.m.32 views

CVE-2020-7768

The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...

9.8CVSS6.6AI score
Exploits0References5
Prion
Prion
added 2020/11/11 11:15 a.m.22 views

Design/Logic Flaw

The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...

5CVSS9.3AI score0.03554EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/11/11 10:20 a.m.44 views

CVE-2020-7768 Prototype Pollution

The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...

7.5CVSS9.5AI score0.03554EPSS
Exploits0References5
Rows per page
Query Builder