GMS-2020-281: Denial of Service in grpc-ts-health-check

September 3, 2020

Versions of grpc-ts-health-check are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service’s health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status. Upgrade to or later.

References

github.com/advisories/GHSA-m86m-5m44-pc93
www.npmjs.com/advisories/1097

Code Behaviors & Features

Detect and mitigate GMS-2020-281 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →