Skip to content

Commit

Permalink
docs: update GHSA-m425-mq94-257g.md (#3399) (#3413)
Browse files Browse the repository at this point in the history 
* Update GHSA-m425-mq94-257g.md

* chore: typo fix

---------

Co-authored-by: Tom McCollough <35183135+chainsaw2k@users.noreply.github.com>
  • Loading branch information
@karl-cardenas-coding @chainsaw2k
karl-cardenas-coding and chainsaw2k committed Jul 17, 2024
1 parent b44fd83 commit f8af23f
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,6 @@ tags: ["security", "cve"]

We provide the most up-to-date information below.

| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status |
| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | ------- |
| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CCVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing |
| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status |
| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------- | ------- |
| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing |

0 comments on commit f8af23f

Please sign in to comment.