cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-23452,https://securityvulnerability.io/vulnerability/CVE-2024-23452,Request Smuggling Vulnerability in Apache bRPC 0.9.5~1.7.0,"A request smuggling vulnerability exists in the HTTP server component of Apache bRPC versions 0.9.5 to 1.7.0 across all platforms. This issue is primarily caused by the improper handling of HTTP headers, wherein both Transfer-Encoding and Content-Length header fields can be present in a single HTTP request. Such a request may suggest malicious attempts at request smuggling or response splitting. When an Apache bRPC server is misconfigured to handle persistent connections under these conditions, an attacker could exploit this vulnerability to inject unauthorized requests into connections meant for the backend server. The vulnerability arises due to non-compliance with the RFC-7230 specification for HTTP/1.1. To mitigate the risk associated with this vulnerability, it is recommended to upgrade to Apache bRPC version 1.8.0 or later, where this issue has been addressed.",Apache,Apache bRPC,7.5,HIGH,0.0017600000137463212,false,,false,false,false,,,false,false,,2024-02-08T09:00:04.809Z,0
CVE-2023-45757,https://securityvulnerability.io/vulnerability/CVE-2023-45757,Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability,"Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of three): 1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature",Apache,Apache Brpc,6.1,MEDIUM,0.0028299998957663774,false,,false,false,false,,,false,false,,2023-10-16T09:15:00.000Z,0
CVE-2023-31039,https://securityvulnerability.io/vulnerability/CVE-2023-31039,Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution,"A security vulnerability exists in Apache bRPC versions below 1.5.0, where an attacker can manipulate the ServerOptions::pid_file parameter to execute arbitrary code with the privileges of the bRPC process. This flaw poses significant security risks for applications utilizing the affected software. It is recommended to update to bRPC version 1.5.0 or later to mitigate this risk. For those unable to upgrade, applying the provided patch can offer temporary relief against potential exploitation.",Apache,Apache Brpc,9.8,CRITICAL,0.002580000087618828,false,,false,false,false,,,false,false,,2023-05-08T09:15:00.000Z,0