Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-8391

UNKNOWN
Published 2024-09-04T15:27:58.478Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-8391. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). 

This is fixed in the 4.5.10 version. 

Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Eclipse Foundation

Eclipse Vert.x

Affected Versions:

4.3.0
eclipse_foundation

vert.x

Affected Versions:

4.3.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Vertx gRPC server does not limit the maximum message size

GHSA-g76f-gjfx-4rpr

Advisory Details

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)

Affected Packages

Maven io.vertx:vertx-grpc-server
ECOSYSTEM: ≥4.3.0 <4.5.10
Maven io.vertx:vertx-grpc-client
ECOSYSTEM: ≥4.3.0 <4.5.10

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-8391
WEB https://github.com/eclipse-vertx/vertx-grpc/issues/113
WEB https://github.com/eclipse-vertx/vertx-grpc/commit/a76b14a92410c89fcc590c5852d800b565916ccf
WEB https://github.com/eclipse-vertx/vertx-grpc
WEB https://gitlab.eclipse.org/security/cve-assignement/-/issues/31

Advisory provided by GitHub Security Advisory Database. Published: September 4, 2024, Modified: September 4, 2024

References

https://gitlab.eclipse.org/security/cve-assignement/-/issues/31
https://github.com/eclipse-vertx/vertx-grpc/issues/113
Published: 2024-09-04T15:27:58.478Z
Last Modified: 2024-09-04T17:40:20.318Z
Copied to clipboard!