PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

Uncaught Exception

Overview @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Uncaught Exception through the handling of incoming compressed messages. An attacker can cause the process to crash by sending a malformed compressed message. Remediation Upgrade @grpc/grpc-js to...

SUSE-SU-2026:22065-1 Security update for elemental-toolkit

This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-toolkit: - Update to version 2.1.6: Bump golang.org/x/net to v0.55.0 bsc126716...

SUSE-SU-2026:22074-1 Security update for elemental-toolkit

This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-toolkit: - Update to v2.2.9: 0e33b2bc Bump golang.org/x/net to v0.55.0...

OPENSUSE-SU-2026:20920-1 Security update for elemental-register

This update for elemental-register fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260277. Changes: - Update to v1.9.2: 71d1fb9c Local node labels 984 ce6acda9 Bump golang.org/x/net to v0.55...

OPENSUSE-SU-2026:20921-1 Security update for elemental-toolkit

This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260277. Changes: - Update to v2.3.4: 974af043 Bump golang.org/x/net to v0.55.0 bsc1267168 bsc1251679 ae39c90...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.18 security and extras update

Red Hat OpenShift Container Platform release 4.21.18 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

AZL-26922 CVE-2023-31130 affecting package grpc for versions less than 1.42.0-11

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

Prototype Pollution

Overview @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Prototype Pollution via loadPackageDefinition. POC: const loadPackageDefinition = require'grpc'; loadPackageDefinition'proto.polluted': true; console.logpolluted; Details Prototype Pollution is a...