npm package
@grpc/grpc-js
pkg:npm/%40grpc/grpc-js
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37168 | Med | 5.3 | >= 1.10.0, < 1.10.9 | 1.10.9 | Jun 10, 2024 | @grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` chann | |
| CVE-2020-7768 | — | < 1.1.8 | 1.1.8 | Nov 11, 2020 | The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. |
- affected >= 1.10.0, < 1.10.9fixed 1.10.9
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` chann
- CVE-2020-7768Nov 11, 2020affected < 1.1.8fixed 1.1.8
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.