VYPR
Moderate severityNVD Advisory· Published Sep 4, 2024· Updated Sep 4, 2024

Eclipse Vert.x gRPC server does not limit the maximum message size

CVE-2024-8391

Description

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).

This is fixed in the 4.5.10 version.

Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.vertx:vertx-grpc-serverMaven
>= 4.3.0, < 4.5.104.5.10
io.vertx:vertx-grpc-clientMaven
>= 4.3.0, < 4.5.104.5.10

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.