GHSA-m86m-5m44-pc93 grpc-ts-health-check

Package

Manager: npm
Name: grpc-ts-health-check
Vulnerable Version: >=0 <2.0.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Denial of Service in grpc-ts-health-check

Versions of `grpc-ts-health-check` prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status.

## Recommendation

Upgrade to version 2.0.0 or later.
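
To confirm that a project no longer resolves the package to a version in the vulnerable range (`>=0 <2.0.0`), including copies pulled in transitively, the parsed `package-lock.json` can be scanned. The following is an added example, not part of the advisory or the package; the sample lockfile, the `legacy-sdk` and `demo-service` names and all version numbers in it are constructed for illustration.

```javascript
// Added example: flag grpc-ts-health-check entries in an npm lockfile that fall
// in the advisory's vulnerable range (>=0 <2.0.0).
const PKG = 'grpc-ts-health-check';

// true = in range, false = fixed, null = not a plain version (git URL, link, ...)
function isVulnerable(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return null;
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  if (major < 2) return true;
  // Pre-releases of 2.0.0 sort below 2.0.0 in semver, so flag them conservatively.
  return major === 2 && minor === 0 && patch === 0 && Boolean(m[4]);
}

function findVulnerable(lock) {
  const hits = [];
  const check = (where, version) => {
    const v = isVulnerable(version);
    if (v !== false) hits.push({ where, version, status: v ? 'vulnerable' : 'review' });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.split('node_modules/').pop() === PKG) check(path, meta.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = trail.concat(name);
        if (name === PKG) check(here.join(' > '), meta.version);
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile; package names other than PKG and all versions are made up.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-service', version: '1.0.0' },
    'node_modules/grpc-ts-health-check': { version: '2.0.6' },
    'node_modules/legacy-sdk/node_modules/grpc-ts-health-check': { version: '1.0.13' },
  },
};

console.log(findVulnerable(sampleLock));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerable`; entries reported with status `review` have no plain version string and need to be checked by hand.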

Metadata

Created: 2020-09-03T19:05:46Z
Modified: 2020-08-31T18:47:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-m86m-5m44-pc93/GHSA-m86m-5m44-pc93.json
CWE IDs: []
Alternative ID: N/A
Finding: F039
Auto approve: 1