Описание
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Impact
Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service.
Patches
The problem has been fixed in 1.2.0.
Workarounds
No workaround is available. Users must upgrade.
Пакеты
Наименование
github.com/grpc/grpc-swift
Затронутые версииВерсия исправления
< 1.2.0
1.2.0
EPSS
Процентиль: 80%
0.01361
Низкий
CVE ID
Связанные уязвимости
CVSS3: 7.5
nvd
больше 4 лет назад
Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.
EPSS
Процентиль: 80%
0.01361
Низкий