PT-2023-29673 · Apache · Apache Brpc

Wang Weibing

Publicado

2023-10-16

Atualizado

2023-10-19

CVE-2023-45757

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache bRPC versions <=1.6.0

Description A security issue allows attackers to inject arbitrary XSS code into the builtin rpcz page of Apache bRPC. This can be exploited by an attacker who can send HTTP requests to a bRPC server with rpcz enabled.

Recommendations For Apache bRPC versions <=1.6.0, consider one of the following solutions:

Upgrade to bRPC > 1.6.0.
Apply the patch available at https://github.com/apache/brpc/pull/2411 if upgrading is not feasible.
Disable the rpcz feature as a temporary workaround.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-45757

Produtos afetados

Apache Brpc

PT-2023-29673 · Apache · Apache Brpc

CVE-2023-45757

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5