Fix CVE-2023-44487 in gRPC-Go (Severity: HIGH)
Fix CVE-2023-44487 (HTTP/2 rapid reset DDoS) in gRPC-Go for Go. Paste your go.mod into PackageFix and get a patched version back — no CLI, no signup.
⚠ Vulnerability
CVE-2023-44487 — HTTP/2 rapid reset DDoS in gRPC-Go. Update to v1.58.3 or later.
Vulnerable Version — go.mod
google.golang.org/grpc v1.50.0
Fixed Version — go.mod
google.golang.org/grpc v1.58.3
✓ Fix
Update to v1.58.3 and run go mod tidy to apply the fix.
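A go.mod check for the version floor this page gives, as an added example rather than PackageFix's or gRPC-Go's own code: it reads the google.golang.org/grpc requirement and flags anything below v1.58.3. The function names and the sample module are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const grpcModule = "google.golang.org/grpc"

// minFixed is the fixed version stated on this page (v1.58.3).
var minFixed = [3]int{1, 58, 3}

// belowFixed parses a version such as "v1.50.0" and reports whether it sorts
// below minFixed. A pre-release suffix is ignored, so review those by hand.
func belowFixed(v string) (bool, error) {
	var got [3]int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unparsable version %q: %w", v, err)
	}
	for i := range got {
		if got[i] != minFixed[i] {
			return got[i] < minFixed[i], nil
		}
	}
	return false, nil
}

// CheckGoMod scans go.mod text for the grpc requirement. It returns the
// declared version ("" if grpc is not listed) and whether it needs updating.
func CheckGoMod(gomod string) (version string, vulnerable bool, err error) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and comments
		f := strings.Fields(line)
		if len(f) == 3 && f[0] == "require" {
			f = f[1:] // single-line form: require <module> <version>
		}
		if len(f) == 2 && f[0] == grpcModule {
			vulnerable, err = belowFixed(f[1])
			return f[1], vulnerable, err
		}
	}
	return "", false, nil
}

func main() {
	// Constructed sample go.mod using the vulnerable version shown on this page.
	sample := "module example.com/app\n\ngo 1.21\n\nrequire (\n\tgoogle.golang.org/grpc v1.50.0\n)\n"
	fmt.Println(CheckGoMod(sample))
}
```

go.mod records the declared requirement; `go list -m google.golang.org/grpc` prints the version the build actually selects.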
Frequently Asked Questions
What is CVE-2023-44487?
CVE-2023-44487 is a vulnerability in gRPC-Go that allows an HTTP/2 rapid reset DDoS attack. Update to v1.58.3 or later to fix it.
Is CVE-2023-44487 on the CISA KEV catalog?
Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.
How do I fix CVE-2023-44487 in gRPC-Go?
Update gRPC-Go to version v1.58.3 or later in your go.mod. Run go mod tidy after updating.
Does CVE-2023-44487 affect all versions of gRPC-Go?
Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.