Zurück zur CVE-Übersicht
CVE-2026-48068
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Risk Signal Score29/100 — MITTEL
- CVSS 7.5 — Hoch
- Weniger als 24 Stunden alt
Beschreibung
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
GitHub Advisories
GHSA-5375-pq7m-f5r2HIGH
@grpc/grpc-js: A malformed request can cause a server crash
npm/@grpc/grpc-js→ 1.9.16
GitHub AdvisoryReferenzen
- https://github.com/grpc/grpc-node/commit/058665a6c6dae445e2ab0f3f6259164fac52ee1...
- https://github.com/grpc/grpc-node/commit/1cf4bfa738b15e59cc3daf49ffa24c04f9b626f...
- https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad598566...
- https://github.com/grpc/grpc-node/commit/455efce8acb7fb249652a74c1618a6d7daf1fab...
- https://github.com/grpc/grpc-node/commit/b1b7268f7b81b92c6f03f5128dfd871c08aeb90...
- https://github.com/grpc/grpc-node/commit/e2c035aab2fe5e55d46d5fc427481497314a53a...
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5