Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/io.grpc/grpc-protobuf@1.54.2
purl pkg:maven/io.grpc/grpc-protobuf@1.54.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-61xa-2pun-n3c9 Connection confusion in gRPC When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. CVE-2023-32731
GHSA-cfgp-2977-2fmm
VCID-v4qr-8be5-bbej gRPC connection termination issue gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309. CVE-2023-32732
GHSA-9hxf-ppjv-w6rq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:33:14.790919+00:00 GitLab Importer Fixing VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.4.0
2026-04-16T22:33:01.584566+00:00 GitLab Importer Fixing VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.4.0
2026-04-11T23:52:10.019937+00:00 GitLab Importer Fixing VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.3.0
2026-04-11T23:51:56.223461+00:00 GitLab Importer Fixing VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.3.0
2026-04-02T23:55:23.643516+00:00 GitLab Importer Fixing VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.1.0
2026-04-02T23:55:10.476560+00:00 GitLab Importer Fixing VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.1.0
2026-04-02T16:59:52.056686+00:00 GHSA Importer Fixing VCID-v4qr-8be5-bbej https://github.com/advisories/GHSA-9hxf-ppjv-w6rq 38.1.0
2026-04-02T16:59:49.466442+00:00 GHSA Importer Fixing VCID-61xa-2pun-n3c9 https://github.com/advisories/GHSA-cfgp-2977-2fmm 38.1.0
2026-04-01T12:59:04.328497+00:00 GithubOSV Importer Fixing VCID-61xa-2pun-n3c9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-cfgp-2977-2fmm/GHSA-cfgp-2977-2fmm.json 38.0.0
2026-04-01T12:58:54.316987+00:00 GithubOSV Importer Fixing VCID-v4qr-8be5-bbej https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-9hxf-ppjv-w6rq/GHSA-9hxf-ppjv-w6rq.json 38.0.0
2026-04-01T12:51:31.827252+00:00 GitLab Importer Fixing VCID-v4qr-8be5-bbej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32732.yml 38.0.0
2026-04-01T12:51:30.387144+00:00 GitLab Importer Fixing VCID-61xa-2pun-n3c9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.grpc/grpc-protobuf/CVE-2023-32731.yml 38.0.0