nvd-json-data-feeds/CVE-2023/CVE-2023-310xx/CVE-2023-31039.json

{
  "id": "CVE-2023-31039",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-05-08T09:15:09.637",
  "lastModified": "2023-05-08T09:15:09.637",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "Security vulnerability\u00a0in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file.\nAn attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process.\n\nSolution:\n1. upgrade to bRPC >= 1.5.0, download link:\u00a0 https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ \n2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:\u00a0 https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218 "
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.apache.org/thread/jqpttrqbc38yhckgp67xk399hqxnz7jn",
      "source": "security@apache.org"
    }
  ]
}
Auto-Update: 2023-05-08T10:00:23.981472+00:00 2023-05-08 12:00:26 +02:00			`{`
			`"id": "CVE-2023-31039",`
			`"sourceIdentifier": "security@apache.org",`
			`"published": "2023-05-08T09:15:09.637",`
			`"lastModified": "2023-05-08T09:15:09.637",`
			`"vulnStatus": "Received",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "Security vulnerability\u00a0in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file.\nAn attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process.\n\nSolution:\n1. upgrade to bRPC >= 1.5.0, download link:\u00a0 https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ \n2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:\u00a0 https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218 "
			`}`
			`],`
			`"metrics": {},`
			`"weaknesses": [`
			`{`
			`"source": "security@apache.org",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-20"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://lists.apache.org/thread/jqpttrqbc38yhckgp67xk399hqxnz7jn",`
			`"source": "security@apache.org"`
			`}`
			`]`
			`}`