VYPR

apk package

wolfi/wavefront-proxy

pkg:apk/wolfi/wavefront-proxy

Vulnerabilities (43)

  • CVE-2023-32731Jun 9, 2023
    affected < 13.4-r1fixed 13.4-r1

    When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an

  • CVE-2023-32732Jun 9, 2023
    affected < 13.4-r1fixed 13.4-r1

    gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom

  • CVE-2023-1428Jun 9, 2023
    affected < 13.4-r1fixed 13.4-r1

    There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of

Page 3 of 3