Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Denial of Service in grpc-ts-health-check
Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status.
Recommendation
Upgrade to version 2.0.0 or later.
Permalink: https://github.com/advisories/GHSA-m86m-5m44-pc93JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-m86m-5m44-pc93
References: Blast Radius: 0.0
Affected Packages
npm:grpc-ts-health-check
Dependent packages: 17Dependent repositories: 29
Downloads: 7,688 last month
Affected Version Ranges: < 2.0.0
Fixed in: 2.0.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3