4 matches found
CVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
PT-2026-3235
Apache bRPC and Affected Versions Apache bRPC versions prior to 1.15.0 Description Apache bRPC contains a remote command injection flaw in the heap profiler built-in service. The /pprof/heap endpoint does not properly validate the extra options parameter, allowing attackers to execute arbitrary...