Google identified a vulnerability in gRPC C++ Implementations prior to the 1.57 release. This was a Denial-of-Service vulnerability within the gRPC's C++ implementation. These have been fixed in the 1.53.2, 1.54.3, 1.55.2, 1.56.2, and 1.57 releases.
Package URL
pkg:maven/io.grpc/[email protected]
CPE
cpe:2.3:a:grpc:grpc::::::-::*
CVE
CVE-2023-33953
ODC Integration
CLI
ODC Version
8.3.1
Description
The linked advisory https://cloud.google.com/support/bulletins#gcp-2023-022 in https://nvd.nist.gov/vuln/detail/CVE-2023-33953 states:
Furthermore, they only mention "C++, Python, Ruby" and not Java. Based on this, I would assume this is a false positive.
This is further confirmed by:
I'm not sure if this is a DependencyCheck issue or a mistake in the NIST entry.