Описание
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rpyc | fixed | 6.0.0-1 | package | |
| rpyc | no-dsa | bookworm | package |
Примечания
https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw
https://github.com/tomerfiliba-org/rpyc/issues/551
https://github.com/tomerfiliba-org/rpyc/commit/bba1d3562e6f9f1256ec64048cc23001c0bb7516 (6.0.0)
Связанные уязвимости
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
RPyC's missing security check results in code execution when using numpy.array on the server-side.