npm

Severity: low

Denial of Service

grpc-ts-health-check

Overview

Versions of grpc-ts-health-check prior to 2.0.0 are vulnerable to Denial of Service. The package exposes an API endpoint that may allow attackers to set the service's health status to failing. This can lead to Denial of Service as Kubernetes blocks traffic to services with a failing status.

Remediation

Upgrade to version 2.0.0 or later.
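To confirm that no affected copy remains after upgrading, the lockfile can be checked for any install of grpc-ts-health-check prior to 2.0.0, including copies pulled in transitively. The following is an added example, not code from the advisory or from the package; the sample lockfile, its package names `demo-service` and `internal-rpc`, and its version numbers are constructed.

```javascript
// Added example: flags installs of grpc-ts-health-check older than 2.0.0 in a
// parsed package-lock.json (lockfile v1 "dependencies" or v2/v3 "packages").
const PKG = 'grpc-ts-health-check';

// True when a semver string sorts before 2.0.0 (pre-releases of 2.0.0 included).
// Returns null for values that are not plain semver (git URLs, tarballs).
function isPriorToFix(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return null;
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  if (major !== 2) return major < 2;
  return minor === 0 && patch === 0 && Boolean(m[4]);
}

function findAffected(lock) {
  const hits = [];
  const record = (path, version) => {
    const prior = isPriorToFix(version);
    // Unparseable versions are reported for manual review, not silently skipped.
    if (prior !== false) hits.push({ path, version, status: prior ? 'affected' : 'review' });
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + PKG)) record(path, meta.version);
    }
  } else {
    // v1: nested dependency tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + 'node_modules/' + name;
        if (name === PKG) record(path, meta.version);
        walk(meta.dependencies, path + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (v3 layout), not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-service', version: '1.0.0' },
    'node_modules/grpc-ts-health-check': { version: '2.0.6' },
    'node_modules/internal-rpc/node_modules/grpc-ts-health-check': { version: '1.0.13' },
  },
};
console.log(findAffected(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffected`; an empty result means no affected copy is locked.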


Advisory timeline

  1. Advisory Published: Aug 5th, 2019
  2. Reported by Dave Brett: Aug 5th, 2019