Is gRPC C++ 1.59.5 susceptible to CVE-2024-11407?


Erin McNulty

Jan 17, 2025, 4:28:01 PM
to grpc.io
Hi all,

The record for CVE-2024-11407 states that gRPC versions 1.60.0 through 1.66.1 are affected by this vulnerability, but it appears that the affected code appears on v1.59.x as well (link).

Is the record for the CVE incomplete? Or is there another factor that makes v1.59.x safe from this CVE?

Thanks,
- Erin McNulty

Craig Tiller

Jan 17, 2025, 4:32:53 PM
to Erin McNulty, grpc.io
Whilst the code was certainly in the build, the experiment enabling it was disabled in 1.59 - so without extra effort to enable said experiment that version is safe.
