CVE-2023-45757

Name: CVE-2023-45757
Creator: NVD / NIST
Published: 2023-10-16T09:15:11.563+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 0.95%

Last modified Jun 17, 2026

CVE-2023-45757 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of three): 1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. EPSS estimates a 0.95% chance of exploitation in the next 30 days.

Description

Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. An attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page. Solution (choose one of three): 1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.95%

56.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Apache	Brpc	< 1.6.1

References

http://www.openwall.com/lists/oss-security/2023/10/16/8Mailing List, Third Party Advisory
https://lists.apache.org/thread/6syxv32fqgl30brfpttrk4rfsb983hl4Mailing List, Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/10/16/8Mailing List, Third Party Advisory
https://lists.apache.org/thread/6syxv32fqgl30brfpttrk4rfsb983hl4Mailing List, Vendor Advisory

Timeline

Published: Oct 16, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-45757?

How severe is CVE-2023-45757?

CVE-2023-45757 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.95% probability of exploitation in the next 30 days.

How do I fix CVE-2023-45757?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-45757?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST