Описание
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
Отчет
This vulnerability doesn't affect any support Red Hat product.
Дополнительная информация
Статус:
8.5 High
CVSS3
Связанные уязвимости
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
In RPyC before 6.0.0, when a server exposes a method that calls the at ...
RPyC's missing security check results in code execution when using numpy.array on the server-side.
8.5 High
CVSS3