Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for vulnerability CVE-2023-44487 #696

Merged
merged 2 commits into from
Feb 22, 2024
Merged

Fix for vulnerability CVE-2023-44487 #696

merged 2 commits into from
Feb 22, 2024

Commits on Feb 19, 2024

  1. Fix for vulnerability CVE-2023-44487 

    Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-44487
https://nvd.nist.gov/vuln/detail/CVE-2023-44487zThe HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

grpc fix version - https://github.com/grpc/grpc-go/releases/tag/v1.56.3

This change includes updating the packgae google.golang.org/grpc as a fix to above vulnerability.
    @vkaushik
    vkaushik committed Feb 19, 2024
    Configuration menu
    Copy the full SHA
    763bf46 View commit details
    Browse the repository at this point in the history

Commits on Feb 22, 2024

  1. update examples dir to fix CI

    @vkaushik
    vkaushik committed Feb 22, 2024
    Configuration menu
    Copy the full SHA
    9192bb4 View commit details
    Browse the repository at this point in the history