The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
HIGH Vulnerable Package issue exists @ google.golang.org/grpc in branch master
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
HIGH Vulnerable Package issue exists @ google.golang.org/grpc in branch master
Vulnerability ID: CVE-2023-44487
Package Name: google.golang.org/grpc
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2023-10-10T09:17:00
Current Package Version: v1.27.0
Remediation Upgrade Recommendation: v1.28.1-0.20200326223120-5581ff021b38
Link To SCA
Reference – NVD link