Apache bRPC
6 CVEs affecting Apache bRPC. Latest disclosed: 2026-01-16. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-60021 | Critical | 9.8 | 2026-01-16 | Remote command injection vulnerability in heap profiler builtin service in Apache bRPC (all versions < 1.15.0) on all platforms allows attacker to inject rem… |
| CVE-2023-31039 | Critical | 9.8 | 2023-05-08 | Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can infl… |
| CVE-2025-59789 | High | 7.5 | 2025-12-01 | Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending… |
| CVE-2025-54472 | High | 7.5 | 2025-08-14 | Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network… |
| CVE-2024-23452 | High | 7.5 | 2024-02-08 | Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description… |
| CVE-2023-45757 | Medium | 6.1 | 2023-10-16 | Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http req… |