Hi,

Could someone shed light on the affected versions for CVE-2023-32731?

   - The NVD says 1.53.0<=X<1.55.0 (https://nvd.nist.gov/vuln/detail/CVE-2023-32731)
   - The GHSA says X<1.53.0 including Maven, Pip, and Ruby artifacts (https://github.com/advisories/GHSA-cfgp-2977-2fmm)
   - The ruby-advisory says X<1.53.1 (https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml)
   - The Release notes for 1.54.2 say the version contains fixes for the CVE. (https://github.com/grpc/grpc/releases/tag/v1.54.2)

If we use version 1.48.0 (grpc-java, and grpcio PIP module) are we 
affected? If so, what is the recommended version for upgrade? 1.55.0?


Thank you,


-- Josef Cacek
