CVE-2023-45757 — Cross-site Scripting in Apache Brpc

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

3.8%

top 11.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Brpc Apache Software Foundation Apache Brpc

Timeline

PublishedOct 16

Description

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDapache/brpc< 1.6.1

▶CVEListV5apache_software_foundation/apache_brpc0.9.0 — 1.6.0

🔴Vulnerability Details

GHSA

GHSA-rjj3-fg8r-3rr5: Security vulnerability in Apache bRPC 1↗2023-10-16

▶

CVEList

Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability↗2023-10-16

▶