[GHSA-m425-mq94-257g] gRPC-Go HTTP/2 Rapid Reset vulnerability

[anandsaw]

Updates

• Affected products

Comments
There is a known CVE for this: https://osv.dev/vulnerability/CVE-2023-44487

[github]

Hi there @dfawley! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[dfawley]

See #4643 for an attempt to do the same thing.

@darakian is there some way I can unsubscribe from these in the future, or will they just keep coming? Thanks!

[shelbyc]

@anandsaw as my colleague @darakian mentioned at #4643 (comment), CVE-2023-44487 is linked to GHSA-qppj-fm5r-hxr3.

@dfawley I'm not sure if there's a way for a maintainer to unsubscribe from or opt out of notifications about a GHSA that originates from their repository advisory, but I'll pass along the feedback for interest in such an option.