gRPC contains a vulnerability CVE-2023-32732

[DirkRichter]

Problem description

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading to v1.53.0 beyond the commit in grpc/grpc#32309

https://nvd.nist.gov/vuln/detail/cve-2023-32732

[murgatroid99]

I don't think grpc-js is impacted by this vulnerability. If you believe otherwise please provide more details.

[DirkRichter]

Not sure. Our DependencyTrack races an CVE on v1.14.3:

Maybe this is a false positive? Can someone confirm?