Vulnerabilities > CVE-2023-31039 - Unspecified vulnerability in Apache Brpc

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

critical

NVD

Published: 2023-05-08

Updated: 2024-11-21

Summary

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Brpc 0.9.0 Apache Brpc 0.9.5 Apache Brpc 0.9.6 Apache Brpc 0.9.7 Apache Brpc 0.9.8 Apache Brpc 1.0.0 Apache Brpc 1.0.1 Apache Brpc 1.1.0 Apache Brpc 1.2.0 Apache Brpc 1.3.0 Apache Brpc 1.4.0	19

Summary

Vulnerable Configurations

References