Thank you very much for keeping us in the loop. Could you please email detailed vulnerabilities to the private grpc-secur...@googlegroups.com list? Production security engineers will evaluate the vulnerability within 3 workdays.
gRPC CVE process can be found in https://github.com/grpc/proposal/blob/master/P4-grpc-cve-process.md Thanks, Jiangtao On Wednesday, August 21, 2019 at 3:18:58 AM UTC-7, u...@curv.co wrote: > > Hi, > > Our team has recently discovered a Null Pointer Dereference security > vulnerability in gRPC. > > How do we disclose it and open a CVE. > > Thanks! > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/e43d36ab-5a99-46bc-b654-a24ea984a6a8%40googlegroups.com.