From 7063adbe0861e7d1c9b1666633cbccf8b1907909 Mon Sep 17 00:00:00 2001 From: Tom McCollough <35183135+chainsaw2k@users.noreply.github.com> Date: Wed, 17 Jul 2024 14:17:28 -0600 Subject: [PATCH] docs: update ghsa-m425-mq94-257g.md (#3399) * Update ghsa-m425-mq94-257g.md * chore: typo fix --------- Co-authored-by: Karl Cardenas --- .../security-bulletins/reports/ghsa-m425-mq94-257g.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md index b842baff81..42147f6031 100644 --- a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md +++ b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | -| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | ------- | -| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CCVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. 
| [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | +| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------- | ------- | +| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing |
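Review bot: The Last Update cell in the added row still reads 10/25/23 even though this change edits the row's Our Official Summary text, so either bump the date with the edit or confirm that the column is meant to track the upstream advisory date rather than this bulletin's own revisions. In the same row, the NIST CVE Summary cell opens with "The affected releases of gRPC-Go, it is possible for an attacker…", which does not parse; unless that wording is a verbatim quote, "In the affected releases of gRPC-Go, it is possible…" would fix it. The Our Official Summary cell says the issue is in coredns as used in k8s 1.28.11 and points to 1.29+ as the workaround, but it names neither the coredns version involved nor which Palette release will carry the upgrade; stating the first and linking the second once known would let readers check their own clusters. The column header says "CVE ID" while the cell holds a GHSA identifier, so a header such as "ID" or an added CVE reference would be more accurate.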