Apache Brpc

6 CVEs affecting Apache Brpc. Latest disclosed: 2026-01-16. Critical: 2, High: 3.

Top CVEs affecting Apache Brpc
CVESeverityScorePublishedSummary
CVE-2025-60021Critical9.82026-01-16Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject rem…
CVE-2023-31039Critical9.82023-05-08Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can infl…
CVE-2025-59789High7.52025-12-01Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending…
CVE-2025-54472High7.52025-08-14Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network…
CVE-2024-23452High7.52024-02-08Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description…
CVE-2023-45757Medium6.12023-10-16Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http req…