7 matches found
Denial Of Service (DoS)
@grpc/grpc-js is vulnerable to Denial of Service DoS. The vulnerability is due to improper message size checks becauses messages that exceed the grpc.maxreceivemessagelength are buffered or decompressed in entirety before being discarded, which can result in DoS...
CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: If an...
CVE-2024-37168
CVE-2024-37168 affects @grpc/grpc-js (pure JavaScript implementation of gRPC). Before the fixes, two code paths could buffer or decompress messages that exceed grpc.max_receive_message_length, potentially causing memory allocation in excess of the limit. This could occur when a message arrives la...
Prototype Pollution
Overview "The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." Recommendation Upgrade to version 1.1.8 or later References - CVE - GitHub Advisory...
CVE-2020-7768
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...
Design/Logic Flaw
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...
CVE-2020-7768 Prototype Pollution
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition...