Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.8.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVE-2024-8391

A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service. Mitigation Mitigation for this issue is either not available or the currently...

com.github.nbbrd.sdmx-dl:sdmx-dl-grpc (=3.0.0-beta.12), com.github.rebue.wheel:wheel-vertx (>=2.2.9 <=2.2.12) +173 more potentially affected by CVE-2024-8391 via io.vertx:vertx-grpc-server (>=4.3.0 <=4.5.1)

io.vertx:vertx-grpc-server MAVEN version =4.3.0, =2.2.9, =0.30.0, =0.21.0, =2.8.0, =0.2.0, =0.0.7, =0.0.7, =0.0.7, =2.7.0, =2.7.0, =2.7.0, =1.0.4, =1.0.4, =1.3.0, =2.7.0 and more Source cves: CVE-2024-8391 Source advisory: OSV:GHSA-G76F-GJFX-4RPRhttps://vulners.com/osv/OSV:GHSA-G...

GHSA-G76F-GJFX-4RPR Vertx gRPC server does not limit the maximum message size

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...