High severity 8.4 · OSV Advisory · Published Mar 12, 2024 · Updated Apr 15, 2026
CVE-2024-27758
Description
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rpyc (PyPI) | >= 4.0.0, < 6.0.0 | 6.0.0 |
Affected products (6)
- Range: 3.4.4, 4.0.0, 4.0.1, …
- ghsa-coords, 5 versions (range: >= 4.0.0, < 6.0.0, + 4 more):
  - pkg:pypi/rpyc
  - pkg:rpm/opensuse/python-rpyc&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/python-rpyc-test&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/suse/python-rpyc&distro=SUSE%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/python-rpyc-test&distro=SUSE%20Package%20Hub%2015%20SP5
- (no CPE) range: >= 4.0.0, < 6.0.0
- (no CPE) range: < 4.1.5-bp155.3.3.1
- (no CPE) range: < 4.1.5-bp155.3.3.1
- (no CPE) range: < 4.1.5-bp155.3.3.1
- (no CPE) range: < 4.1.5-bp155.3.3.1
References (8)
- github.com/advisories/GHSA-h5cg-53g7-gqjw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-27758 (ghsa, ADVISORY)
- gist.github.com/renbou/957f70d27470982994f12a1d70153d09 (nvd, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/rpyc/PYSEC-2024-44.yaml (ghsa, WEB)
- github.com/tomerfiliba-org/rpyc/blob/5.3.1/rpyc/core/netref.py (ghsa, WEB)
- github.com/tomerfiliba-org/rpyc/commit/9f45f8269d4106905db61d82cd529cacdb178911 (ghsa, WEB)
- github.com/tomerfiliba-org/rpyc/commit/bba1d3562e6f9f1256ec64048cc23001c0bb7516 (ghsa, WEB)
- github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw (nvd, WEB)