gRPC 0.4.0 for Node.js

CPE Details

gRPC 0.4.0 for Node.js
grpc
grpc
0.4.0
2020-12-10
18h45 +00:00
2020-12-10
18h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:grpc:grpc:0.4.0:*:*:*:*:node.js:*:*

Informations

Vendor

grpc

Product

grpc

Version

0.4.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-32732 2023-06-09 10h48 +00:00 gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
5.3
Medium
CVE-2020-7768 2020-11-11 10h20 +00:00 The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
9.8
Critical
CVE-2017-9431 2017-06-05 00h47 +00:00 Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
9.8
Critical
CVE-2017-8359 2017-04-30 15h00 +00:00 Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
9.8
Critical
CVE-2017-7860 2017-04-14 02h30 +00:00 Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
9.8
Critical
CVE-2017-7861 2017-04-14 02h30 +00:00 Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
9.8
Critical