Brpc
by Apache
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31039 | Cri | 0.64 | 9.8 | 0.02 | May 8, 2023 | Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the… | ||
| CVE-2023-45757 | Med | 0.40 | 6.1 | 0.01 | Oct 16, 2023 | Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of… | ||
| CVE-2025-60021 | 0.00 | — | 0.26 | Jan 16, 2026 | Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided… | |||
| CVE-2025-59789 | 0.00 | — | 0.01 | Dec 1, 2025 | Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network.… | |||
| CVE-2025-54472 | 0.00 | — | 0.01 | Aug 14, 2025 | Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated… | |||
| CVE-2024-23452 | Hig | 0.00 | 7.5 | 0.02 | Feb 8, 2024 | Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is… |
- risk 0.64cvss 9.8epss 0.02
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the…
- risk 0.40cvss 6.1epss 0.01
Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of…
- CVE-2025-60021Jan 16, 2026risk 0.00cvss —epss 0.26
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided…
- CVE-2025-59789Dec 1, 2025risk 0.00cvss —epss 0.01
Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network.…
- CVE-2025-54472Aug 14, 2025risk 0.00cvss —epss 0.01
Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated…
- risk 0.00cvss 7.5epss 0.02
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is…