CNNVD-202601-2704 Information
CNNVD ID
CNNVD-202601-2704
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
Apache bRPC是美国阿帕奇(Apache)基金会的用于构建可靠和高性能服务的工业级 RPC 框架。 Apache bRPC 1.15.0之前版本存在安全漏洞,该漏洞源于堆性能分析器内置服务未验证用户提供的extra_options参数,可能导致远程命令注入攻击。
Description (English)
Apache bRPC is the United States Apache Foundation ’ s industrial-grade RPC framework for building reliable and high-performance services. There was a security loophole in the pre-Apache bRPC 1.15.0 version, which originated from the non-validation of extra options parameters provided by the user of the stack performance analyser internal service, which could lead to a remote command injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2026-01-16
Last Modified
2026-02-24
References
https://lists.apache.org/thread/xy51d2fx6drzhfp92xptsx5845q7b37m http://www.openwall.com/lists/oss-security/2026/01/16/4 https://access.redhat.com/security/cve/cve-2025-60021
Patch
https://lists.apache.org/thread/xy51d2fx6drzhfp92xptsx5845q7b37m
Share on: