google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent (CVE-2024-25629)

The version of c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25629 advisory. - c-ares is a C library for asynchronous DNS requests...