CVE-2023-31039

CVSS V2 None CVSS V3 None
Description
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link:  https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:  https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218
Overview
  • CVE ID
  • CVE-2023-31039
  • Assigner
  • security@apache.org
  • Vulnerability Status
  • Received
  • Published Version
  • 2023-05-08T09:15:09
  • Last Modified Date
  • 2023-05-08T09:15:09
History
Created Old Value New Value Data Type Notes
2023-05-08 10:00:42 Added to TrackCVE
2023-05-08 10:00:43 Weakness Enumeration new