A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms.

The vulnerability allows unauthenticated attackers to execute arbitrary system commands by manipulating the profiler’s parameter validation mechanisms.

news

A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms.

The vulnerability allows unauthenticated attackers to execute arbitrary system commands by manipulating the profiler’s parameter validation mechanisms.