From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Title: Set a configurable maximum payload size for the message decoder and add an invalid message handler to catch invalid messages #113
   - Description: The gRPC message decoder uses the default maximum limit allowed by HTTP/2 transport (2^32 bytes). The default maximum should be smaller and configurable. This could be exploited to consume server or client memory, and is referenced as CVE-2024-8391.
2. Remediation:
   - Changes:
     - Added an option to configure the maximum message size, with a lower default value (256KB) for both client and server.
     - Added an invalid message handler on GrpcReadStream to catch invalid messages, report them, and allow the application to recover from invalid messages. The invalid message handler can be triggered by capacity overflow or decoder exceptions.
   - Result:
     - gRPC servers and clients now use a smaller default maximum message size, which can be configured according to application requirements. An invalid message handler can also be set to catch invalid messages.
3. Labels:
   - Labels: bug
4. Milestone:
   - Milestone: 4.5.10
5. Status:
   - Status: Closed
6. Participants:
   - Participants: 1 person
7. Code Commit:
   - Code Commit: Set a configurable maximum payload size for the message decoder and a... (a76b14a)

This information indicates that the vulnerability relates to the default maximum message size in the gRPC message decoder, and the issue has been fixed by adding a configurable limit and an invalid message handler to capture invalid messages.
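The capacity-overflow path described under Remediation, as an added Python sketch that is not the project's code: the decoder checks the declared length against the limit before buffering any payload, reports the message to an invalid-message callback, discards its body, and continues with the next frame. `FrameDecoder`, `on_invalid`, `frame` and `demo` are hypothetical names, the 5-byte prefix is standard gRPC framing, and the compressed flag is read but payloads are treated as opaque bytes.

```python
import struct

HEADER_LEN = 5                         # gRPC prefix: 1-byte compressed flag + 4-byte big-endian length
DEFAULT_MAX_MESSAGE_SIZE = 256 * 1024  # the lower default the fix describes (256KB)

class FrameDecoder:
    """Illustrative incremental decoder (hypothetical API, not the project's)."""

    def __init__(self, on_message, on_invalid, max_message_size=DEFAULT_MAX_MESSAGE_SIZE):
        self.on_message, self.on_invalid = on_message, on_invalid
        self.max_message_size = max_message_size
        self._buf, self._length, self._want, self._skip = bytearray(), None, HEADER_LEN, 0

    def feed(self, chunk):
        pos = 0
        while pos < len(chunk):
            if self._skip:  # discard the body of a rejected message, never buffer it
                n = min(self._skip, len(chunk) - pos)
                self._skip -= n
                pos += n
                continue
            n = min(self._want - len(self._buf), len(chunk) - pos)
            self._buf += chunk[pos:pos + n]
            pos += n
            if len(self._buf) < self._want:
                break  # chunk exhausted, wait for more bytes
            if self._length is None:  # a full header has just arrived
                _flag, length = struct.unpack(">BI", self._buf)
                if length > self.max_message_size:
                    self.on_invalid(length)  # report the overflow, then recover
                    self._skip, self._buf = length, bytearray()
                    continue
                self._length, self._want = length, HEADER_LEN + length
                if length:
                    continue  # go back and collect the payload
            self.on_message(bytes(self._buf[HEADER_LEN:]))
            self._buf, self._length, self._want = bytearray(), None, HEADER_LEN

def frame(payload, flag=0):
    """Build one length-prefixed gRPC message (constructed test input)."""
    return struct.pack(">BI", flag, len(payload)) + payload

def demo(max_size=16, step=3):
    """Feed a constructed stream in small chunks; return (accepted, rejected lengths)."""
    ok, bad = [], []
    dec = FrameDecoder(ok.append, bad.append, max_size)
    wire = frame(b"hello") + frame(b"A" * 40) + frame(b"") + frame(b"world")
    for i in range(0, len(wire), step):
        dec.feed(wire[i:i + step])
    return ok, bad
```

Because the rejection happens on the header alone, a peer that announces a 2^32 - 1 byte message costs the receiver five bytes of buffer rather than an allocation sized by the attacker.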