-
Notifications
You must be signed in to change notification settings - Fork 93
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(ghsa): add swift support (#233)
- Loading branch information
1 parent
458c4aa
commit 7255411
Showing
3 changed files
with
140 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
56 changes: 56 additions & 0 deletions
56
ghsa/testdata/swift/github.com/grpc/grpc-swift/GHSA-r6ww-5963-7r95.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
{ | ||
"Severity": "HIGH", | ||
"UpdatedAt": "2023-06-09T19:33:17Z", | ||
"Package": { | ||
"Ecosystem": "SWIFT", | ||
"Name": "https://github.com/grpc/grpc-swift.git" | ||
}, | ||
"Advisory": { | ||
"DatabaseId": 212034, | ||
"Id": "GSA_kwCzR0hTQS1yNnd3LTU5NjMtN3I5Nc4AAzxC", | ||
"GhsaId": "GHSA-r6ww-5963-7r95", | ||
"References": [ | ||
{ | ||
"Url": "https://github.com/grpc/grpc-swift/security/advisories/GHSA-r6ww-5963-7r95" | ||
}, | ||
{ | ||
"Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24777" | ||
}, | ||
{ | ||
"Url": "https://github.com/grpc/grpc-swift/commit/858f977f2a51fca2292f384cf7a108dc2e73a3bd" | ||
}, | ||
{ | ||
"Url": "https://github.com/advisories/GHSA-r6ww-5963-7r95" | ||
} | ||
], | ||
"Identifiers": [ | ||
{ | ||
"Type": "GHSA", | ||
"Value": "GHSA-r6ww-5963-7r95" | ||
}, | ||
{ | ||
"Type": "CVE", | ||
"Value": "CVE-2022-24777" | ||
} | ||
], | ||
"Description": "A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling `GOAWAY` frames.\n\nThe attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests.\n\nThe issue was discovered by automated fuzz testing and is resolved by fixing the relevant state handling code.", | ||
"Origin": "UNSPECIFIED", | ||
"PublishedAt": "2023-06-09T19:33:16Z", | ||
"Severity": "HIGH", | ||
"Summary": "Denial of Service via reachable assertion", | ||
"UpdatedAt": "2023-06-19T16:45:07Z", | ||
"WithdrawnAt": "", | ||
"CVSS": { | ||
"Score": 7.5, | ||
"VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" | ||
} | ||
}, | ||
"Versions": [ | ||
{ | ||
"FirstPatchedVersion": { | ||
"Identifier": "1.7.2" | ||
}, | ||
"VulnerableVersionRange": "\u003c 1.7.2" | ||
} | ||
] | ||
} |