| sidebar_label | title | description | hide_table_of_contents | sidebar_class_name | toc_max_heading_level | tags | ||
|---|---|---|---|---|---|---|---|---|
GHSA-m425-mq94-257g |
GHSA-m425-mq94-257g |
Lifecycle of GHSA-m425-mq94-257g |
true |
hide-from-sidebar |
2 |
|
11/7/24
The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.
CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+.
Ongoing
- Palette VerteX airgap 4.4.11, 4.4.14, 4.4.18, 4.5.3, 4.5.8
- Palette Enterprise airgap 4.4.18, 4.5.3, 4.5.8
- Palette Enterprise 4.5.3, 4.5.8
- Palette VerteX 4.5.3, 4.5.8
- 1.0 08/16/2024 Initial Publication
- 2.0 08/16/2024 Added Palette VerteX airgap 4.4.11 to Affected Products
- 3.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
- 4.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
- 5.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
- 6.0 10/14/2024 Added Palette VerteX 4.5.3 to Affected Products
- 7.0 11/7/2024 Added Palette VerteX airgap, Palette Enterprise airgap, Palette Enterprise, and Palette VerteX 4.5.8 to Affected Products