CVE-2025-59789
- EPSS 0.63%
- Veröffentlicht 01.12.2025 10:22:41
- Zuletzt bearbeitet 02.12.2025 14:39:47
Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse ...
CVE-2025-54472
- EPSS 0.16%
- Veröffentlicht 14.08.2025 09:05:38
- Zuletzt bearbeitet 04.11.2025 22:16:28
Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of cor...
CVE-2024-23452
- EPSS 0.32%
- Veröffentlicht 08.02.2024 09:15:46
- Zuletzt bearbeitet 04.06.2025 16:15:31
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenar...
CVE-2023-45757
- EPSS 3.82%
- Veröffentlicht 16.10.2023 09:15:11
- Zuletzt bearbeitet 21.11.2024 08:27:19
Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz pag...
CVE-2023-31039
- EPSS 0.32%
- Veröffentlicht 08.05.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 08:01:18
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execut...