Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/io.grpc/grpc-protobuf@1.53.0
purl pkg:maven/io.grpc/grpc-protobuf@1.53.0
Next non-vulnerable version 1.54.2
Latest non-vulnerable version 1.54.2
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-61xa-2pun-n3c9
Aliases:
CVE-2023-32731
GHSA-cfgp-2977-2fmm
Connection confusion in gRPC When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.
1.53.1
Affected by 0 other vulnerabilities.
1.54.2
Affected by 0 other vulnerabilities.
VCID-v4qr-8be5-bbej
Aliases:
CVE-2023-32732
GHSA-9hxf-ppjv-w6rq
gRPC connection termination issue gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.
1.53.1
Affected by 0 other vulnerabilities.
1.54.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-qatb-my8j-b3hr gRPC Reachable Assertion issue There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. CVE-2023-1428
GHSA-6628-q6j9-w8vg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T21:14:09.323804+00:00 GitLab Importer Affected by VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.5.0
2026-04-29T21:14:08.730139+00:00 GitLab Importer Fixing VCID-qatb-my8j-b3hr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-1428.yml 38.5.0
2026-04-29T21:13:56.575859+00:00 GitLab Importer Affected by VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.5.0
2026-04-16T22:33:14.780332+00:00 GitLab Importer Affected by VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.4.0
2026-04-16T22:33:14.166416+00:00 GitLab Importer Fixing VCID-qatb-my8j-b3hr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-1428.yml 38.4.0
2026-04-16T22:33:01.574443+00:00 GitLab Importer Affected by VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.4.0
2026-04-11T23:52:10.008753+00:00 GitLab Importer Affected by VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.3.0
2026-04-11T23:52:09.357695+00:00 GitLab Importer Fixing VCID-qatb-my8j-b3hr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-1428.yml 38.3.0
2026-04-11T23:51:56.211615+00:00 GitLab Importer Affected by VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.3.0
2026-04-02T23:55:23.633124+00:00 GitLab Importer Affected by VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.1.0
2026-04-02T23:55:23.044659+00:00 GitLab Importer Fixing VCID-qatb-my8j-b3hr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-1428.yml 38.1.0
2026-04-02T23:55:10.464949+00:00 GitLab Importer Affected by VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.1.0
2026-04-02T16:59:52.258157+00:00 GHSA Importer Affected by VCID-v4qr-8be5-bbej https://github.com/advisories/GHSA-9hxf-ppjv-w6rq 38.1.0
2026-04-02T16:59:52.108639+00:00 GHSA Importer Fixing VCID-qatb-my8j-b3hr https://github.com/advisories/GHSA-6628-q6j9-w8vg 38.1.0
2026-04-02T16:59:49.561966+00:00 GHSA Importer Affected by VCID-61xa-2pun-n3c9 https://github.com/advisories/GHSA-cfgp-2977-2fmm 38.1.0
2026-04-01T12:59:05.645472+00:00 GithubOSV Importer Fixing VCID-qatb-my8j-b3hr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-6628-q6j9-w8vg/GHSA-6628-q6j9-w8vg.json 38.0.0
2026-04-01T12:51:31.819348+00:00 GitLab Importer Affected by VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.0.0
2026-04-01T12:51:31.761554+00:00 GitLab Importer Fixing VCID-qatb-my8j-b3hr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-1428.yml 38.0.0
2026-04-01T12:51:30.378508+00:00 GitLab Importer Affected by VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.0.0