GHSA-2jx2-qcm4-rf9h

Suggest an improvement
Source
https://github.com/advisories/GHSA-2jx2-qcm4-rf9h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-2jx2-qcm4-rf9h/GHSA-2jx2-qcm4-rf9h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2jx2-qcm4-rf9h
Aliases
Published
2023-06-09T19:32:18Z
Modified
2023-11-08T04:06:12.229659Z
Summary
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Details

Impact

Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

References

Affected packages

SwiftURL / github.com/grpc/grpc-swift

Package

Name
github.com/grpc/grpc-swift
Purl
pkg:swift/github.com/grpc/grpc-swift

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0