3 matches found
Apache bRPC 1.14.0 Command Injection
Apache bRPC versions 1.14.0 and below proof of concept command injection exploit that leverages exposed pprof endpoints. | Title : Apache bRPC = 1.14.0...
CVE-2025-60021
creationtimestamp| type| source
---|---|---
2026-01-16 09:54:59+00:00| seen| https://gist.github.com/Darkcrai86/7cb32e0157692fabe0507c167262bb38
2026-01-16 10:17:08+00:00| seen| https://gist.github.com/Darkcrai86/230d855a603e36e01a81aeb953f37349
2026-01-16 11:17:47+00:00| seen|...
CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service
Remote command injection vulnerability in the heap profiler builtin service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...