Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of three): 1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:  https://github.com/apache/brpc/pull/2411 3. disable rpcz feature
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-10-16T08:01:41.036Z

Updated: 2024-09-16T18:27:28.347Z

Reserved: 2023-10-12T09:28:16.458Z

Link: CVE-2023-45757

cve-icon Vulnrichment

Updated: 2024-08-02T20:29:32.439Z

cve-icon NVD

Status : Modified

Published: 2023-10-16T09:15:11.563

Modified: 2024-11-21T08:27:19.177

Link: CVE-2023-45757

cve-icon Redhat

No data.