GHSA-g76f-gjfx-4rpr

GitHub Security Advisory

Vertx gRPC server does not limit the maximum message size

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of a message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).

This is fixed in the 4.5.10 version. 

Note that this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc).
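The missing control can be illustrated with the gRPC wire framing, in which every message is preceded by a 1-byte compressed flag and a 4-byte big-endian length. The following is an added example, not code from Vert.x or from the advisory: the class name `BoundedGrpcFrameDecoder`, the 256 KiB limit and the sample bytes are assumptions made for illustration. It rejects a frame as soon as its declared length exceeds the limit, before any of the body is buffered.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

// Added example (not Vert.x code): incremental decoder for gRPC length-prefixed
// messages that rejects an oversized frame as soon as its 5-byte prefix is read.
public class BoundedGrpcFrameDecoder {
    private final int maxMessageSize;          // hypothetical limit chosen by the operator
    private final ByteArrayOutputStream pending = new ByteArrayOutputStream();
    public BoundedGrpcFrameDecoder(int maxMessageSize) { this.maxMessageSize = maxMessageSize; }

    /** Feed one network chunk; returns every complete message payload now available. */
    public List<byte[]> feed(byte[] chunk) {
        pending.write(chunk, 0, chunk.length);
        ByteBuffer buf = ByteBuffer.wrap(pending.toByteArray()); // big-endian by default
        List<byte[]> messages = new ArrayList<>();
        while (buf.remaining() >= 5) {
            buf.mark();
            buf.get();                                       // compressed flag (0 or 1)
            long declared = buf.getInt() & 0xFFFFFFFFL;      // unsigned 32-bit length
            if (declared > maxMessageSize) {
                // Fail on the prefix alone, so the peer cannot make us buffer the body.
                throw new IllegalStateException("declared length " + declared + " exceeds limit " + maxMessageSize);
            }
            if (buf.remaining() < declared) { buf.reset(); break; } // wait for more bytes
            byte[] payload = new byte[(int) declared];
            buf.get(payload);
            messages.add(payload);
        }
        byte[] rest = new byte[buf.remaining()];             // keep any partial frame
        buf.get(rest);
        pending.reset();
        pending.write(rest, 0, rest.length);
        return messages;
    }

    public static void main(String[] args) {
        BoundedGrpcFrameDecoder decoder = new BoundedGrpcFrameDecoder(256 * 1024);
        // Constructed input: a 3-byte uncompressed message split across two chunks.
        System.out.println(decoder.feed(new byte[] {0, 0, 0, 0, 3, 'a'}).size());
        System.out.println(decoder.feed(new byte[] {'b', 'c'}).size());
        // Constructed input: a prefix declaring 0x7FFFFFFF bytes, with no body sent.
        try {
            decoder.feed(new byte[] {0, 0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF});
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the length check, a decoder of this shape keeps accumulating bytes until the declared length is reached, so memory use is controlled by the sender.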

Affected Packages

Maven io.vertx:vertx-grpc-server
Affected versions: 4.3.0 (fixed in 4.5.10)
Maven io.vertx:vertx-grpc-client
Affected versions: 4.3.0 (fixed in 4.5.10)

Related CVEs

Key Information

GHSA ID: GHSA-g76f-gjfx-4rpr
Published: September 4, 2024 6:30 PM
Last Modified: September 4, 2024 8:32 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: io.vertx:vertx-grpc-server
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 9, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.