Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreWhen an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.
Spring gRPC:
| Fix version | Availability |
|---|---|
| 1.0.3 | OSS |
No further mitigation steps are necessary.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy