diff --git a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md index b842baff81..42147f6031 100644 --- a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md +++ b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | -| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | ------- | -| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CCVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. 
| [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | +| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------- | ------- | +| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing |
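Review bot: The added data row fixes "CCVE" but the "Our Official Summary" cell still reads as shorthand and does not connect the two components involved: the NIST summary describes a gRPC-Go stream-limit issue, while the official summary only says "CVE exists in coredns that’s being used in k8s 1.28.11". Consider wording it so the reader can see why a gRPC-Go advisory applies to CoreDNS, and spell out "Kubernetes" and "CoreDNS" on first use. In the same row, the "NIST CVE Summary" cell begins "The affected releases of gRPC-Go, it is possible", which is missing a leading "In". The identifier in the first column is a GHSA ID under a "CVE ID" header, so the summary could say "This vulnerability" rather than "CVE". The "Last Update" cell also stays at 10/25/23; confirm that is intended for a change that touches the row text.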