CVE-2024-8391
CVSS V2 None
CVSS V3 None
Description
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).
This is fixed in the 4.5.10 version.
Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)
Overview
- CVE ID
- CVE-2024-8391
- Assigner
- eclipse
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-04T15:27:58.478Z
- Last Modified Date
- 2024-09-04T17:40:20.318Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://gitlab.eclipse.org/security/cve-assignement/-/issues/31 | |
| https://github.com/eclipse-vertx/vertx-grpc/issues/113 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8391 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8391 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-09-05 13:02:48 | Added to TrackCVE |