Vulnerability	Vulnerable Version
M Uncontrolled Resource Consumption @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the `grpc.max_receive_message_length` channel option. An attacker can cause a denial of service by sending messages that exceed the configured limits, which are then buffered or decompressed into memory. How to fix Uncontrolled Resource Consumption? Upgrade `@grpc/grpc-js` to version 1.8.22, 1.9.15, 1.10.9 or higher.	<1.8.22>=1.9.0 <1.9.15>=1.10.0 <1.10.9
H Prototype Pollution @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Prototype Pollution via `loadPackageDefinition`. POC: `const { loadPackageDefinition } = require('grpc'); loadPackageDefinition({'__proto__.polluted': true}); console.log(polluted);` How to fix Prototype Pollution? Upgrade `@grpc/grpc-js` to version 1.1.8 or higher.	<1.1.8

Uncontrolled Resource Consumption

@grpc/grpc-js is a gRPC Library for Node

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption via the grpc.max_receive_message_length channel option. An attacker can cause a denial of service by sending messages that exceed the configured limits, which are then buffered or decompressed into memory.

How to fix Uncontrolled Resource Consumption?

Upgrade @grpc/grpc-js to version 1.8.22, 1.9.15, 1.10.9 or higher.

<1.8.22>=1.9.0 <1.9.15>=1.10.0 <1.10.9

Prototype Pollution

@grpc/grpc-js is a gRPC Library for Node

Affected versions of this package are vulnerable to Prototype Pollution via loadPackageDefinition.

POC:

const { loadPackageDefinition } = require('grpc');
loadPackageDefinition({'__proto__.polluted': true});
console.log(polluted);

How to fix Prototype Pollution?

Upgrade @grpc/grpc-js to version 1.1.8 or higher.

<1.1.8

Go back to all versions of this package