VYPR

Grpc Node

by Grpc

Source repositories

CVEs (3)

  • CVE-2026-48068higJun 11, 2026
    risk 0.45cvss epss 0.00

    ### Impact An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. ### Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 …

  • CVE-2026-48069higJun 11, 2026
    risk 0.45cvss epss 0.00

    ### Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js ### Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 …

  • CVE-2024-37168MedJun 10, 2024
    risk 0.28cvss 5.3epss 0.01

    @grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length`…