You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a vulnerability issue in google.golang.org/grpc module, current version is v1.58.2.
We should upgrade to v1.58.3.
In old gRPC-Go version, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.
If it's ok, i can create a PR.
The text was updated successfully, but these errors were encountered:
There is a vulnerability issue in google.golang.org/grpc module, current version is v1.58.2.
We should upgrade to v1.58.3.
In old gRPC-Go version, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.
If it's ok, i can create a PR.
The text was updated successfully, but these errors were encountered: