Published vulnerability with high criticality for the used gRPC dependency #11694
Replies: 4 comments
-
|
There is also an additional medium criticality vulnerability which would be fixed by a gRPC version increase as well: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32732 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the reports! FWIW, grpc-cpp is only used as a client library within Firebase SDKs, and I believe the vulnerabilities here impact servers, your App built with the SDKs are not affected. That being said, we will do a version upgrade in the upcoming release. Again, thanks for the report! |
Beta Was this translation helpful? Give feedback.
-
|
Another high criticality vulnerability was found: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4785 |
Beta Was this translation helpful? Give feedback.
-
|
Yet another high criticality vulnerability was found in gRPC: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44487 |
Beta Was this translation helpful? Give feedback.
-
Hi, our dependency check just failed with a high priority issue that affects the gRPC dependency used by the current version of Firebase: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33953
Does anyone have advice on how we can escalate this to the Firebase SDK team?
Best, Patrick
Beta Was this translation helpful? Give feedback.
All reactions