Yes. Python module calls into C code. On Wed, Aug 30, 2023 at 11:48 AM Josef Cacek <josef.ca...@gmail.com> wrote:
> Thank you for the reply, Eugene. > Is the response also valid for the Python grpcio module? > Regards, > -- Josef > > st 30. 8. 2023 v 19:15 odesílatel 'Eugene Ostroukhov' via grpc.io > <grpc-io@googlegroups.com> napsal: > > > > This does not seem to apply to gRPC Java as that one is a separate > codebase. > > > > 1.48 does not seem to have this specific vulnerability it is no longer > maintained and will not receive fixes if any new issues are discovered. We > would recommend you to switch to a more current gRPC version. > > > > On Tuesday, August 29, 2023 at 8:28:25 AM UTC-7 Josef Cacek wrote: > >> > >> Hi, > >> > >> Could someone shed light on the affected versions for CVE-2023-32731? > >> > >> The NVD says 1.53.0<=X<1.55.0 ( > https://nvd.nist.gov/vuln/detail/CVE-2023-32731) > >> The GHSA says X<1.53.0 including Maven, Pip, and Ruby artifacts ( > https://github.com/advisories/GHSA-cfgp-2977-2fmm) > >> The ruby-advisory says X<1.53.1 ( > https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32731.yml > ) > >> The Release notes for 1.54.2 say the version contains fixes for the > CVE. (https://github.com/grpc/grpc/releases/tag/v1.54.2) > >> > >> If we use version 1.48.0 (grpc-java, and grpcio PIP module) are we > affected? If so, what is the recommended version for upgrade? 1.55.0? > >> > >> > >> Thank you, > >> > >> > >> -- Josef Cacek > > > > -- > > You received this message because you are subscribed to the Google > Groups "grpc.io" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to grpc-io+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/6aa88fe0-bbe4-4a7d-9b2b-c0106750cf26n%40googlegroups.com > . > > -- > You received this message because you are subscribed to a topic in the > Google Groups "grpc.io" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/grpc-io/mqhY4-Yx8KI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > grpc-io+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/CA%2B6Tb2qBGSEO-rPZogPf66g0xUW-94VBYpXbLbRpCrHrs9aNyw%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CAD%2B8YVNPr22zr6QXuV1X%2B1fcpuf5JGq9rG_7ozW9m1iE_uUVYw%40mail.gmail.com.
