
google.golang.org/grpc - compliance vulnerability found in mc:RELEASE.2023-10-24T21-42-22Z #4736

Closed
Skyapip opened this issue Oct 30, 2023 · 1 comment

Comments

@Skyapip

Skyapip commented Oct 30, 2023

On scanning the mc:RELEASE.2023-10-24T21-42-22Z Docker image, I found the vulnerability below in it.

| Type | Severity | CVSS | CVE | Package Name | Package Version | Fix Status | Grace Period |
|---|---|---|---|---|---|---|---|
| Compliance | High | | GHSA-m425-mq94-257g | google.golang.org/grpc | v1.58.0 | fixed in: 1.58.3, 1.57.1, 1.56.3 | 12 days left |

Full description:

### Impact

In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.

### Patches

This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection.

### Workarounds

None.

### References

#6703

Can we fix this as soon as possible?
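An added example, not code from this issue, from the mc project, or from gRPC-Go: a standard-library-only Go checker that applies the fixed releases quoted in the advisory above (1.56.3, 1.57.1, 1.58.3, and 1.59.0 onward) to a `go.mod` excerpt, so the "fixed in" column can be verified per minor line rather than by eyeballing. Beyond the advisory's own version numbers, everything here is an assumption: the module name `example.com/scanned-image` and the second dependency line are constructed, minor lines older than 1.56 are treated as having no patched release (the advisory names none for them, so the remedy is moving to a patched line), and a pre-release tag such as `v1.58.3-rc1` is ordered below the corresponding release.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

type version struct {
	major, minor, patch int
	pre                 bool // has a pre-release tag (e.g. v1.58.3-rc1); sorts below the final release
}

// First patched release on each affected minor line, as quoted from
// GHSA-m425-mq94-257g in the issue above.
var fixedIn = map[int]version{
	56: {1, 56, 3, false},
	57: {1, 57, 1, false},
	58: {1, 58, 3, false},
}

// The advisory names 1.59.0 as including the fix; later minor lines inherit it.
const firstFixedMinor = 59

// parseVersion accepts "v1.58.0", "1.58.3" or "v1.59.0-rc.1".
func parseVersion(s string) (version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	var v version
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		v.pre = s[i] == '-' // '-' starts a pre-release tag, '+' only build metadata
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("not a MAJOR.MINOR.PATCH version: %q", s)
	}
	nums := make([]int, 3)
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return version{}, fmt.Errorf("bad version component %q", p)
		}
		nums[i] = n
	}
	v.major, v.minor, v.patch = nums[0], nums[1], nums[2]
	return v, nil
}

// less orders versions numerically; a pre-release sorts before its final release.
func (v version) less(o version) bool {
	if v.major != o.major {
		return v.major < o.major
	}
	if v.minor != o.minor {
		return v.minor < o.minor
	}
	if v.patch != o.patch {
		return v.patch < o.patch
	}
	return v.pre && !o.pre
}

// IsVulnerable reports whether a google.golang.org/grpc version is still
// affected and which release on its minor line (or the nearest one) carries the fix.
func IsVulnerable(s string) (vulnerable bool, fixedRelease string, err error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, "", err
	}
	if v.major != 1 {
		return false, "", fmt.Errorf("advisory covers gRPC-Go 1.x only, got %s", s)
	}
	if v.minor >= firstFixedMinor {
		// 1.59.0 and later ship the fix; a 1.59.0 pre-release predates it.
		if v.minor == firstFixedMinor && v.patch == 0 && v.pre {
			return true, "1.59.0", nil
		}
		return false, "", nil
	}
	fixed, ok := fixedIn[v.minor]
	if !ok {
		// Assumption: lines older than 1.56 got no patch release, so point at the oldest patched one.
		return true, "1.56.3", nil
	}
	return v.less(fixed), fmt.Sprintf("%d.%d.%d", fixed.major, fixed.minor, fixed.patch), nil
}

// CheckGoMod finds the grpc requirement in go.mod text (single-line "require"
// or inside a require block, direct or "// indirect") and returns the verdict.
func CheckGoMod(gomod string) (ver string, vulnerable bool, fixedRelease string, err error) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		for i := 0; i+1 < len(f); i++ {
			if f[i] == "google.golang.org/grpc" {
				vulnerable, fixedRelease, err = IsVulnerable(f[i+1])
				return f[i+1], vulnerable, fixedRelease, err
			}
		}
	}
	return "", false, "", fmt.Errorf("google.golang.org/grpc not found in go.mod")
}

// Constructed go.mod excerpt for the demo; the grpc version is the one flagged in the scan above.
const sampleGoMod = `module example.com/scanned-image

go 1.21

require (
	example.com/other/dep v0.1.0
	google.golang.org/grpc v1.58.0
)
`

func main() {
	ver, vuln, fixed, err := CheckGoMod(sampleGoMod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	if vuln {
		fmt.Printf("google.golang.org/grpc %s is affected by GHSA-m425-mq94-257g; upgrade to %s or later\n", ver, fixed)
	} else {
		fmt.Printf("google.golang.org/grpc %s is not affected\n", ver)
	}
}
```

The check covers only the first half of the advisory's advice, the package version. The second half, setting the `grpc.MaxConcurrentStreams` server option so a single connection cannot consume unbounded handler resources, is configuration in the service that embeds gRPC-Go and still has to be confirmed separately after the upgrade.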

@klauspost
Contributor

#4731
