Zurück zur CVE-Übersicht
CVE-2026-48069
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Risk Signal Score29/100 — MITTEL
- CVSS 7.5 — Hoch
- Weniger als 24 Stunden alt
Beschreibung
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
GitHub Advisories
GHSA-99f4-grh7-6pcqHIGH
@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash
npm/@grpc/grpc-js→ 1.9.16
GitHub AdvisoryReferenzen
- https://github.com/grpc/grpc-node/commit/2375eadcc52ca2b1ef55288bcd6355168b02706...
- https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a16...
- https://github.com/grpc/grpc-node/commit/4091bd902105f8fb655741758aee71418c48b5d...
- https://github.com/grpc/grpc-node/commit/b3f16094473b5c8f38b0955eafa4a1950712734...
- https://github.com/grpc/grpc-node/commit/b61c4d65953db85c2ae55b4b3cd98a4259dc87c...
- https://github.com/grpc/grpc-node/commit/b6dcfc3cee9ef390e5869ebea5a8c5ae187720b...
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7
- https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5