Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz

Denial of Service in grpc-ts-health-check

Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status.

Recommendation

Upgrade to version 2.0.0 or later.

Permalink: https://github.com/advisories/GHSA-m86m-5m44-pc93
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 4 years ago
Updated: over 1 year ago


Identifiers: GHSA-m86m-5m44-pc93
References: Blast Radius: 0.0

Affected Packages

npm:grpc-ts-health-check
Dependent packages: 17
Dependent repositories: 29
Downloads: 8,586 last month
Affected Version Ranges: < 2.0.0
Fixed in: 2.0.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3