GHSA-m425-mq94-257g — Vulnetix

GHSA-m425-mq94-257g PUBLISHED CVSS 7.5 HIGH

gRPC-Go HTTP/2 Rapid Reset vulnerability

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
google.golang.org	grpc	1.58.0, 0, 1.58.0
google.golang.org	grpc	0, 1.57.0, 1.58.0

Timeline

Oct 25, 2023 CVE Published
Jul 19, 2024 CVE Updated
Mar 2, 2026 Security Advisory

References

https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g url
https://nvd.nist.gov/vuln/detail/CVE-2023-44487 vendor-advisory
https://github.com/grpc/grpc-go product
GitHub Advisory GHSA-m425-mq94-257g vendor-advisory
https://github.com/grpc/grpc-go/pull/6703 url
https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›