CVE-2023-45757: Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability

Open Source Security 

Posted by Wang Weibing on Oct 16

Severity: important

Affected versions:

– Apache bRPC 0.9.0 through 1.6.0

Description:

A security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code into the builtin rpcz page.
An attacker who can send HTTP requests to a bRPC server with rpcz enabled can inject arbitrary XSS code into the builtin rpcz page.

Solution (choose one of three):
1. upgrade to bRPC > 1.6.0, download link:…