CVE-2023-31039

Name of the Vulnerable Software and Affected Versions Apache bRPC versions prior to 1.5.0

Description A security issue in Apache bRPC allows attackers to execute arbitrary code via the pid file parameter in ServerOptions. This can be exploited by an attacker who can influence the pid file parameter when the bRPC server is started, resulting in arbitrary code execution with the permissions of the bRPC process.

Recommendations For Apache bRPC versions prior to 1.5.0, upgrade to bRPC version 1.5.0 or later. If upgrading is difficult, apply the patch available at https://github.com/apache/brpc/pull/2218 as a temporary solution.