Safety vulnerability ID: 61191
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Grpcio 1.53.2, 1.54.3, 1.55.3 and 1.56.2 include a fix for CVE-2023-4785: Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
https://github.com/grpc/grpc/pull/33656
Latest version: 1.68.1
HTTP/2-based RPC framework
Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected. See CVE-2023-4785.
https://github.com/grpc/grpc/pull/33656
https://github.com/grpc/grpc/pull/33667
https://github.com/grpc/grpc/pull/33669
https://github.com/grpc/grpc/pull/33670
https://github.com/grpc/grpc/pull/33672