You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-44487 - High Severity Vulnerability
github.com/Microsoft/hcsshim-v0.8.7
Windows - Host Compute Service Shim
Library home page: https://proxy.golang.org/github.com/microsoft/hcsshim/@v/v0.8.7.zip
Dependency Hierarchy:
github.com/grpc/grpc-go/internal/transport-v1.23.1
The Go language implementation of gRPC. HTTP/2 based RPC
Dependency Hierarchy:
github.com/grpc/grpc-go-v1.23.1
The Go language implementation of gRPC. HTTP/2 based RPC
Library home page: https://proxy.golang.org/github.com/grpc/grpc-go/@v/v1.23.1.zip
Dependency Hierarchy:
github.com/etcd-io/etcd-v3.4.3
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy:
Found in HEAD commit: 04559d9f4a6d57d8fe5845ab7b2e53b2dca0ac76
Found in base branch: master
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Publish Date: 2023-10-10
URL: CVE-2023-44487
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-44487
Release Date: 2023-10-10
Fix Resolution: org.eclipse.jetty.http2:http2-server:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-server:12.0.2, org.eclipse.jetty.http2:http2-common:9.4.53.v20231009,10.0.17,11.0.17, org.eclipse.jetty.http2:jetty-http2-common:12.0.2, nghttp - v1.57.0, swift-nio-http2 - 1.28.0, io.netty:netty-codec-http2:4.1.100.Final, trafficserver - 9.2.3, org.apache.tomcat:tomcat-coyote:8.5.94,9.0.81,10.1.14, org.apache.tomcat.embed:tomcat-embed-core:8.5.94,9.0.81,10.1.14, Microsoft.AspNetCore.App - 6.0.23,7.0.12, contour - v1.26.1, proxygen - v2023.10.16.00, grpc-go - v1.56.3,v1.57.1,v1.58.3, kubernetes/kubernetes - v1.25.15,v1.26.10,v1.27.7,v1.28.3,v1.29.0, kubernetes/apimachinery - v0.25.15,v0.26.10,v0.27.7,v0.28.3,v0.29.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: