Описание
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rpyc | not-affected | package |
Примечания
Issue only affected 4.1.0 and 4.1.1 upstream and fixed in 4.1.2
https://rpyc.readthedocs.io/en/latest/docs/security.html#security
Связанные уязвимости
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
Dynamic modification of RPyC service due to missing security check