CVE-2024-27758

Опубликовано: 12 мар. 2024

Источник: nvd

CVSS3: 8.4

EPSS Низкий

Описание

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

Ссылки

EPSS

Процентиль: 87%

0.03141

Низкий

8.4 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

CVE-2024-27758

CVSS3: 8.4

ubuntu

почти 2 года назад

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

CVE-2024-27758

CVSS3: 8.5

redhat

почти 2 года назад

CVE-2024-27758

CVSS3: 8.4

debian

почти 2 года назад

In RPyC before 6.0.0, when a server exposes a method that calls the at ...

openSUSE-SU-2024:0082-1

suse-cvrf

почти 2 года назад

Security update for python-rpyc

GHSA-h5cg-53g7-gqjw

CVSS3: 8.5

github

почти 2 года назад

RPyC's missing security check results in code execution when using numpy.array on the server-side.

EPSS

Процентиль: 87%

0.03141

Низкий

8.4 High

CVSS3

Дефекты

CWE-306