Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: grpc-gateway

Found 2 matching suggestions

Untriaged
Permalink CVE-2024-11407
created 4 months, 3 weeks ago
Denial of Service through Data corruption in gRPC-C++

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Affected products

grpc
  • =<1.66.1

Matching in nixpkgs

pkgs.grpc

C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)

  • nixos-unstable -

pkgs.grpcui

Interactive web UI for gRPC, along the lines of postman

  • nixos-unstable -

pkgs.grpcurl

Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers

  • nixos-unstable -

pkgs.grpc_cli

Command line tool for interacting with grpc services

  • nixos-unstable -

pkgs.grpc-tools

Distribution of protoc and the gRPC Node protoc plugin for ease of installation with npm

  • nixos-unstable -

pkgs.qt6.qtgrpc

Cross-platform application framework for C++

  • nixos-unstable -

pkgs.grpc-gateway

GRPC to JSON proxy generator plugin for Google Protocol Buffers

  • nixos-unstable -

pkgs.grpc-health-check

Minimal, high performance, memory-friendly, safe implementation of the gRPC health checking protocol

pkgs.grpc-health-probe

command-line tool to perform health-checks for gRPC applications

  • nixos-unstable -

pkgs.protoc-gen-entgrpc

Generator of an implementation of the service interface for ent protobuff

  • nixos-unstable -

pkgs.php81Extensions.grpc

High performance, open source, general RPC framework that puts mobile and HTTP/2 first

  • nixos-unstable -

pkgs.php82Extensions.grpc

High performance, open source, general RPC framework that puts mobile and HTTP/2 first

  • nixos-unstable -

pkgs.php83Extensions.grpc

High performance, open source, general RPC framework that puts mobile and HTTP/2 first

  • nixos-unstable -

pkgs.php84Extensions.grpc

High performance, open source, general RPC framework that puts mobile and HTTP/2 first

  • nixos-unstable -
Untriaged
Permalink CVE-2024-10295
created 4 months, 3 weeks ago
Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.

Affected products

gateway
  • =<2.14.2
3scale-amp-apicast-gateway-container

Matching in nixpkgs

pkgs.grpc-gateway

GRPC to JSON proxy generator plugin for Google Protocol Buffers

  • nixos-unstable -

pkgs.ingress2gateway

Convert Ingress resources to Gateway API resources

  • nixos-unstable -

pkgs.firezone-gateway

WireGuard tunnel server for the Firezone zero-trust access platform

  • nixos-unstable -