2 matches found
GO-2026-4762 Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc
Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc...
GHSA-P77J-4MVH-X3M3 gRPC-Go has an authorization bypass via missing leading slash in :path
Impact What kind of vulnerability is it? Who is impacted? It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash e.g.,...