rules-proto-grpc / rules_proto_grpc

Bazel rules for building Protobuf and gRPC code and libraries from proto_library targets
https://rules-proto-grpc.com
Apache License 2.0

Vulnerabilities in grpc #319

Closed dannielle-bourne-privitar closed 3 months ago

dannielle-bourne-privitar commented 5 months ago

Description

The version of grpc currently used (1.54.1) has a number of critical and high CVEs. Are there plans to upgrade this?

- CVE-2023-32732 Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32732 CVSS: 5.3 Severity: MEDIUM
- CVE-2023-33953 Link: https://nvd.nist.gov/vuln/detail/CVE-2023-33953 CVSS: 7.5 Severity: HIGH
- CVE-2023-44487 Link: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 CVSS: 7.5 Severity: HIGH
- CVE-2023-4785 Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4785 CVSS: 7.5 Severity: HIGH

aaliddell commented 3 months ago

The 5.0.0 release has grpc 1.65.0
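The thread turns on which grpc version a build actually resolves (1.54.1 before, 1.65.0 from rules_proto_grpc 5.0.0). The script below is an added example, not code from this issue or from the rules_proto_grpc project: it extracts the pinned grpc version from the `http_archive` declaration that `bazel query --output=build //external:com_github_grpc_grpc` prints for a WORKSPACE-based build and compares it against a floor such as 1.65.0. The external repository name `com_github_grpc_grpc`, the `strip_prefix = "grpc-X.Y.Z"` layout and the sample query output are assumptions constructed for the example; check the name against the `repositories.bzl` of the rules_proto_grpc version you use.

```shell
#!/bin/sh
# Added example (not part of rules_proto_grpc): report the grpc version a
# WORKSPACE-based Bazel build pins and compare it with a minimum version.

# Constructed sample of what `bazel query --output=build
# //external:com_github_grpc_grpc` might print for a rules_proto_grpc 4.x
# checkout. The repository name and URL layout are assumptions.
SAMPLE_QUERY_OUTPUT='http_archive(
  name = "com_github_grpc_grpc",
  sha256 = "...",
  strip_prefix = "grpc-1.54.1",
  urls = ["https://github.com/grpc/grpc/archive/v1.54.1.tar.gz"],
)'

# Extract X.Y.Z from the strip_prefix = "grpc-X.Y.Z" line; prints nothing
# if the declaration does not match the assumed layout.
grpc_version_from_query() {
    printf '%s\n' "$1" \
        | sed -n 's/.*strip_prefix = "grpc-\([0-9][0-9.]*\)".*/\1/p' \
        | head -n 1
}

# Compare two dotted versions component by component (numeric, so
# 1.10.0 > 1.9.9); prints "lt", "eq" or "gt".
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) { print "lt"; exit }
            if (x > y) { print "gt"; exit }
        }
        print "eq"
    }'
}

# Exit 0 when the pinned grpc is at least the floor, 1 when it is older,
# 2 when no version could be parsed from the query output.
grpc_at_least() {
    pinned=$(grpc_version_from_query "$1")
    [ -n "$pinned" ] || return 2
    case $(version_cmp "$pinned" "$2") in
        lt) return 1 ;;
        *)  return 0 ;;
    esac
}

# Live use (needs bazel in PATH and a WORKSPACE build), checking against the
# 1.65.0 that rules_proto_grpc 5.0.0 ships:
#   grpc_at_least "$(bazel query --output=build //external:com_github_grpc_grpc)" 1.65.0
```

For a Bzlmod-based checkout (the layout rules_proto_grpc 5.0.0 targets) the declaration is not visible through `//external:...`; use `bazel mod show_repo` on the grpc module instead and adapt the `sed` pattern to what it prints. The point of the check is the same either way: read the version the build actually resolves rather than the one a `MODULE.bazel` or `WORKSPACE` file appears to request.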