@grpc/grpc-js: A malformed request can cause a server crash

Impact An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no workaround...

GHSA-99F4-GRH7-6PCQ @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...

@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...

EUVD-2024-1970

Malicious code in bioql PyPI...

-temp-electron-manager-somiibo (=0.0.200), 0.extends.wechat (>=1.0.51 <=1.0.65) +20062 more potentially affected by CVE-2024-37168 via @grpc/grpc-js (>=0.1.0 <=1.8.21)

@grpc/grpc-js NPM version =0.1.0, =1.0.51, =0.1.0, =0.1.0, =5.0.0, =0.0.2, =0.0.1, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.2 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2024-37168 Source advisory: OSV:GHSA-7V5V-9H63-CJ86...

0.extends.wechat (>=1.0.51 <=1.0.65), 0perator (>=0.1.0 <=0.3.0) +16989 more potentially affected by CVE-2020-7768 via @grpc/grpc-js (>=0.1.0 <=1.1.7)

@grpc/grpc-js NPM version =0.1.0, =1.0.51, =0.1.0, =0.1.0, =5.0.0, =1.0.0, =1.0.1, =1.0.0, =1.1.0, =0.4.0, =0.1.1, =1.0.0, =0.0.1, =1.0.0, =1.0.17 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...

GHSA-PP75-XFPW-37G9 Prototype pollution in grpc and @grpc/grpc-js

"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."...

0.extends.wechat (>=1.0.51 <=1.0.65), 0perator (>=0.1.0 <=0.3.0) +16481 more potentially affected by CVE-2020-7768 via @grpc/grpc-js (>=1.0.0 <=1.1.7)

@grpc/grpc-js NPM version =1.0.0, =1.0.51, =0.1.0, =0.1.0, =5.0.0, =1.0.0, =1.0.1, =1.0.0, =1.1.0, =0.4.0, =0.1.1, =1.0.0, =0.0.1, =1.0.0, =1.0.17 and more Source cves: CVE-2020-7768 Source advisory: SNYK:JS-GRPCGRPCJS-1038818...