grpc downgrade caused vulnerability scan issue

Description

Our recent scan shows that in Firebase iOS 10.16.0 release the grpc has been downgraded to 1.44.0 which expose a denial-of-service (DoS) vulnerability.

Reproducing the issue

No response

Firebase SDK Version

10.16.0

Xcode Version

15.0

Installation Method

Swift Package Manager

Firebase Product(s)

All

Targeted Platforms

iOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

Expand Package.resolved snippet

Replace this line with the contents of your Package.resolved.

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

Replace this line with the contents of your Podfile.lock!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

grpc downgrade caused vulnerability scan issue #12021

Description

Reproducing the issue

Firebase SDK Version

Xcode Version

Installation Method

Firebase Product(s)

Targeted Platforms

Relevant Log Output

If using Swift Package Manager, the project's Package.resolved

If using CocoaPods, the project's Podfile.lock

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

grpc downgrade caused vulnerability scan issue #12021

Description

Description

Reproducing the issue

Firebase SDK Version

Xcode Version

Installation Method

Firebase Product(s)

Targeted Platforms

Relevant Log Output

If using Swift Package Manager, the project's Package.resolved

If using CocoaPods, the project's Podfile.lock

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions