The vulnerability title and CWE-372 (Incomplete Internal State Distinction) directly implicate state management in GRPCWebToHTTP2ServerCodec. The codec's role in parsing gRPC Web requests makes its decode method the most likely candidate for improper state transitions. NVD's description of 'mismanaged state' and the precondition failure impact pattern further support this conclusion. While exact commit details are unavailable, the codec's core responsibility for request parsing and the vulnerability's nature strongly point to the decode() function as the vulnerable component.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/grpc/grpc-swift | swift | < 1.2.0 | 1.2.0 |