grpc-ecosystem / go-grpc-middleware

Golang gRPC Middlewares: interceptor chaining, auth, logging, retries and more.
Apache License 2.0
6.29k stars 693 forks

Fix for vulnerability CVE-2023-44487 #697

Closed vkaushik closed 8 months ago

vkaushik commented 8 months ago

Changes

This change includes updating the package "google.golang.org/grpc" as a fix for the following vulnerability:

Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

grpc fix version - https://github.com/grpc/grpc-go/releases/tag/v1.56.3

Verification

vkaushik commented 8 months ago

This was a dummy PR to trigger CI with different changes.
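
The pattern named in the CVE text quoted in the PR description (a client opening streams and cancelling them in quick succession) can be looked for in server-side frame logs. The Go program below is an added example, not code from this PR, go-grpc-middleware or grpc-go; the `FrameEvent` log format, the function names, the sample data and the thresholds are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// FrameEvent is one client-sent frame from a constructed HTTP/2 frame log (hypothetical format).
type FrameEvent struct {
	At         time.Duration // offset from start of capture
	Conn, Type string        // connection id; "HEADERS" or "RST_STREAM"
	Stream     uint32
}

// FlagRapidReset returns the connections on which the client cancelled more than maxResets
// of its own opened streams inside one sliding window. Events are in time order per connection.
func FlagRapidReset(events []FrameEvent, window time.Duration, maxResets int) map[string]bool {
	open := map[string]bool{}              // "conn/stream" -> opened and not yet reset
	resets := map[string][]time.Duration{} // conn -> reset times still inside the window
	flagged := map[string]bool{}
	for _, e := range events {
		key := fmt.Sprintf("%s/%d", e.Conn, e.Stream)
		open[key] = open[key] || e.Type == "HEADERS" // HEADERS opens the stream
		if e.Type != "RST_STREAM" || !open[key] {
			continue // only count cancellations of streams this client opened
		}
		delete(open, key)
		q := append(resets[e.Conn], e.At)
		for len(q) > 0 && e.At-q[0] > window { // drop resets that left the window
			q = q[1:]
		}
		resets[e.Conn] = q
		if len(q) > maxResets {
			flagged[e.Conn] = true
		}
	}
	return flagged
}

// SampleEvents is constructed input: "a" opens and cancels 20 streams in 20 ms, "b" cancels one.
func SampleEvents() []FrameEvent {
	ev := []FrameEvent{{0, "b", "HEADERS", 1}, {900 * time.Millisecond, "b", "RST_STREAM", 1}}
	for i := 0; i < 20; i++ {
		t, id := time.Duration(i)*time.Millisecond, uint32(2*i+1)
		ev = append(ev, FrameEvent{t, "a", "HEADERS", id}, FrameEvent{t, "a", "RST_STREAM", id})
	}
	return ev
}

func main() { fmt.Println(FlagRapidReset(SampleEvents(), time.Second, 10)) }
```

A check like this complements the dependency update described in the PR; the window and reset limit need tuning against normal client cancellation rates.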