Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/grpcio@1.54.0
Type pypi
Namespace
Name grpcio
Version 1.54.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.54.3
Latest_non_vulnerable_version 1.56.2
Affected_by_vulnerabilities
0
url VCID-3yj7-2uwb-rfeg
vulnerability_id VCID-3yj7-2uwb-rfeg
summary
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4785.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4785.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4785
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13327
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4785
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4785
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4785
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/grpc/grpc/pull/33656
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/
url https://github.com/grpc/grpc/pull/33656
5
reference_url https://github.com/grpc/grpc/pull/33667
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/
url https://github.com/grpc/grpc/pull/33667
6
reference_url https://github.com/grpc/grpc/pull/33669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/
url https://github.com/grpc/grpc/pull/33669
7
reference_url https://github.com/grpc/grpc/pull/33670
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/
url https://github.com/grpc/grpc/pull/33670
8
reference_url https://github.com/grpc/grpc/pull/33672
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/
url https://github.com/grpc/grpc/pull/33672
9
reference_url https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
10
reference_url https://rubygems.org/gems/grpc/versions/1.53.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/grpc/versions/1.53.2
11
reference_url https://rubygems.org/gems/grpc/versions/1.54.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/grpc/versions/1.54.3
12
reference_url https://rubygems.org/gems/grpc/versions/1.55.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/grpc/versions/1.55.3
13
reference_url https://rubygems.org/gems/grpc/versions/1.56.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/grpc/versions/1.56.2
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059281
reference_id 1059281
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059281
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2239017
reference_id 2239017
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2239017
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4785
reference_id CVE-2023-4785
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4785
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-4785.yml
reference_id CVE-2023-4785.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-4785.yml
18
reference_url https://github.com/advisories/GHSA-p25m-jpj4-qcrr
reference_id GHSA-p25m-jpj4-qcrr
reference_type
scores
url https://github.com/advisories/GHSA-p25m-jpj4-qcrr
19
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
fixed_packages
0
url pkg:pypi/grpcio@1.54.3
purl pkg:pypi/grpcio@1.54.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.54.3
1
url pkg:pypi/grpcio@1.55.3
purl pkg:pypi/grpcio@1.55.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.55.3
aliases CVE-2023-4785, GHSA-p25m-jpj4-qcrr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yj7-2uwb-rfeg
1
url VCID-9n4p-zc4e-cqdq
vulnerability_id VCID-9n4p-zc4e-cqdq
summary
gRPC connection termination issue
gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32732.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32732.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32732
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.07195
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32732
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32732
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32732
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10
5
reference_url https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
6
reference_url https://github.com/grpc/grpc/pull/32309
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:59:27Z/
url https://github.com/grpc/grpc/pull/32309
7
reference_url https://github.com/grpc/grpc/releases/tag/v1.53.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/releases/tag/v1.53.1
8
reference_url https://github.com/grpc/grpc/releases/tag/v1.54.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/releases/tag/v1.54.2
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:59:27Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:59:27Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059280
reference_id 1059280
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059280
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2214469
reference_id 2214469
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2214469
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32732
reference_id CVE-2023-32732
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32732
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32732.yml
reference_id CVE-2023-32732.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32732.yml
17
reference_url https://github.com/advisories/GHSA-9hxf-ppjv-w6rq
reference_id GHSA-9hxf-ppjv-w6rq
reference_type
scores
url https://github.com/advisories/GHSA-9hxf-ppjv-w6rq
fixed_packages
0
url pkg:pypi/grpcio@1.54.2
purl pkg:pypi/grpcio@1.54.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yj7-2uwb-rfeg
1
vulnerability VCID-s72k-z9nx-hkac
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.54.2
aliases CVE-2023-32732, GHSA-9hxf-ppjv-w6rq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9n4p-zc4e-cqdq
2
url VCID-s72k-z9nx-hkac
vulnerability_id VCID-s72k-z9nx-hkac
summary
Excessive Iteration in gRPC
gRPC contains a vulnerability whereby HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering:
  - HEADERS: containing a: 1
  - CONTINUATION: containing a: 2
  - CONTINUATION: containing a: 3
  - etc…
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33953.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33953
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31195
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33953
2
reference_url https://cloud.google.com/support/bulletins#gcp-2023-022
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:54:21Z/
url https://cloud.google.com/support/bulletins#gcp-2023-022
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059279
reference_id 1059279
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059279
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2230890
reference_id 2230890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2230890
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33953
reference_id CVE-2023-33953
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33953
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml
reference_id CVE-2023-33953.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml
10
reference_url https://github.com/advisories/GHSA-496j-2rq6-j6cc
reference_id GHSA-496j-2rq6-j6cc
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-496j-2rq6-j6cc
11
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
fixed_packages
0
url pkg:pypi/grpcio@1.54.3
purl pkg:pypi/grpcio@1.54.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.54.3
1
url pkg:pypi/grpcio@1.55.2
purl pkg:pypi/grpcio@1.55.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.55.2
2
url pkg:pypi/grpcio@1.55.3
purl pkg:pypi/grpcio@1.55.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.55.3
3
url pkg:pypi/grpcio@1.56.2
purl pkg:pypi/grpcio@1.56.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.56.2
aliases CVE-2023-33953, GHSA-496j-2rq6-j6cc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s72k-z9nx-hkac
3
url VCID-scy8-8nt2-zfh9
vulnerability_id VCID-scy8-8nt2-zfh9
summary
Connection confusion in gRPC
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients, leading to an information leak that can be used for privilege escalation or data exfiltration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32731.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32731
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22697
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32731
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10
4
reference_url https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946
5
reference_url https://github.com/grpc/grpc/issues/33463
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/issues/33463
6
reference_url https://github.com/grpc/grpc/pull/32309
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:07:16Z/
url https://github.com/grpc/grpc/pull/32309
7
reference_url https://github.com/grpc/grpc/pull/33005
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:07:16Z/
url https://github.com/grpc/grpc/pull/33005
8
reference_url https://github.com/grpc/grpc/releases/tag/v1.53.1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/releases/tag/v1.53.1
9
reference_url https://github.com/grpc/grpc/releases/tag/v1.54.2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grpc/grpc/releases/tag/v1.54.2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2214463
reference_id 2214463
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2214463
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32731
reference_id CVE-2023-32731
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32731
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml
reference_id CVE-2023-32731.YML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml
13
reference_url https://github.com/advisories/GHSA-cfgp-2977-2fmm
reference_id GHSA-cfgp-2977-2fmm
reference_type
scores
url https://github.com/advisories/GHSA-cfgp-2977-2fmm
14
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
fixed_packages
0
url pkg:pypi/grpcio@1.54.2
purl pkg:pypi/grpcio@1.54.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yj7-2uwb-rfeg
1
vulnerability VCID-s72k-z9nx-hkac
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.54.2
aliases CVE-2023-32731, GHSA-cfgp-2977-2fmm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scy8-8nt2-zfh9
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.54.0