Moderate severity · NVD Advisory · Published Sep 4, 2024 · Updated Sep 4, 2024
Eclipse Vert.x gRPC server does not limit the maximum message size
CVE-2024-8391
Description
In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of the message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).
This is fixed in version 4.5.10.
Note that this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.vertx:vertx-grpc-server (Maven) | >= 4.3.0, < 4.5.10 | 4.5.10 |
| io.vertx:vertx-grpc-client (Maven) | >= 4.3.0, < 4.5.10 | 4.5.10 |
Affected products
- ghsa-coords (no CPE), range: >= 4.3.0, < 4.5.10
- ghsa-coords (no CPE), range: >= 4.3.0, < 4.5.10
- Eclipse Foundation/Eclipse Vert.x, v5, range: 4.3.0
References
- github.com/advisories/GHSA-g76f-gjfx-4rpr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-8391 (ghsa, ADVISORY)
- github.com/eclipse-vertx/vertx-grpc/commit/a76b14a92410c89fcc590c5852d800b565916ccf (ghsa, WEB)
- github.com/eclipse-vertx/vertx-grpc/issues/113 (ghsa, WEB)
- gitlab.eclipse.org/security/cve-assignement/-/issues/31 (ghsa, WEB)