Home > Vulnerability Database > CVE-2023-45757

Mend.io Vulnerability Database

CVE-2023-45757

Date: October 16, 2023

Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of three): 1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature

Language: C++

Severity Score

6.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45757

Url: http://www.openwall.com/lists/oss-security/2023/10/16/8

Url: https://lists.apache.org/thread/6syxv32fqgl30brfpttrk4rfsb983hl4

Url: https://www.mend.io/vulnerability-database/CVE-2023-45757

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45757

Date: October 16, 2023

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?