You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to grpc.io
Hey!
We have tried to find some sort of official clarification on whether/how gRPC is affected by CVE-2023-44487. Is there more information on this somewhere?
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to grpc.io
gRPC C++, Python, and Ruby will soon have a 1.59.2 patch release to address CVE-2023-44487. Thus, 1.60 or later will have this fix.
gRPC ObjC and PHP are not affected by this CVE because they do not support the server feature that has the vulnerability.
yh zhou
unread,
Oct 27, 2023, 2:48:24 AM10/27/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to grpc.io
Are there any POCs or steps to reproduce this vulnerability in grpc can be provided? And what operations can user take to reduce the risk of attack at present.
veb...@google.com
unread,
Nov 13, 2023, 6:29:59 PM11/13/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to grpc.io
We don't want to share details about how to reproduce it because it would do more harm than good. Action required here to mitigate this is to update gRPC to the version with the fix.