GHSA-m86m-5m44-pc93

Source
https://github.com/advisories/GHSA-m86m-5m44-pc93
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-m86m-5m44-pc93/GHSA-m86m-5m44-pc93.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m86m-5m44-pc93
Published
2020-09-03T19:05:46Z
Modified
2020-08-31T18:47:07Z
Summary
Denial of Service in grpc-ts-health-check
Details

Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status.

Recommendation

Upgrade to version 2.0.0 or later.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:47:07Z",
    "nvd_published_at": null,
    "severity": "LOW",
    "cwe_ids": []
}
References

Affected packages

npm / grpc-ts-health-check

Package

Name
grpc-ts-health-check
Purl
pkg:npm/grpc-ts-health-check

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-m86m-5m44-pc93/GHSA-m86m-5m44-pc93.json"