High severity · 8.4 · NVD Advisory · Published Mar 12, 2024 · Updated Apr 15, 2026
CVE-2024-27758
Description
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
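The description above boils down to one call site: a netref's `__array__` handing peer-supplied bytes to `pickle.loads`. The following is an added example, not rpyc's code, that models the guard the fix introduces (refuse unless the local side opted in via `allow_pickle`) and layers an allow-list unpickler on top for deployments that do enable pickling; `DEFAULT_CONFIG`, `SAFE_GLOBALS` and `load_netref_array` are constructed stand-ins, not rpyc APIs.

```python
"""Added example (not rpyc's code): a model of the server-side guard on the
netref __array__ path, plus an allow-list unpickler for when pickling is on."""
import io
import pickle

# Constructed stand-in for the connection config the fix consults; rpyc's
# real config also carries an 'allow_pickle' key that defaults to False.
DEFAULT_CONFIG = {"allow_pickle": False}

# Assumption for this example: only plain containers legitimately cross the
# channel, so any other global named by a payload is refused.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve GLOBAL/STACK_GLOBAL references only from SAFE_GLOBALS, so a
    payload cannot make the unpickler look up arbitrary callables."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_netref_array(payload: bytes, config=DEFAULT_CONFIG):
    """Model of the fixed __array__ path: fail closed unless the local side
    allows pickling, and even then resolve globals from the allow-list only."""
    if not config.get("allow_pickle", False):
        raise ValueError("pickling is disabled")  # same outcome as the fix
    return RestrictedUnpickler(io.BytesIO(payload)).load()


if __name__ == "__main__":
    benign = pickle.dumps([1.0, 2.0, 3.0], protocol=-1)   # constructed payload
    global_ref = pickle.dumps(print)  # constructed: names a global callable
    try:
        load_netref_array(benign)
    except ValueError as exc:
        print("default config:", exc)
    print("opted in:", load_netref_array(benign, {"allow_pickle": True}))
    try:
        load_netref_array(global_ref, {"allow_pickle": True})
    except pickle.UnpicklingError as exc:
        print("allow-list:", exc)
```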
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rpyc (PyPI) | >= 4.0.0, < 6.0.0 | 6.0.0 |
Patches
30194cbdf6992bba1d3562e6f: Fixed #551 by validating the server side is configured to allow pickle
1 file changed · +3 −0
rpyc/core/netref.py+3 −0 modified@@ -251,6 +251,9 @@ def method(self, start, stop, *args): def __array__(self): # Note that protocol=-1 will only work between python # interpreters of the same version. + if not object.__getattribute__(self,'____conn__')._config["allow_pickle"]: + # Security check that server side allows pickling per #551 + raise ValueError("pickling is disabled") return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1)) __array__.__doc__ = doc return __array__
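Review bot: the new guard indexes `_config["allow_pickle"]` directly, so a connection whose config lacks the key would raise KeyError instead of the intended ValueError; `._config.get("allow_pickle", False)` fails closed in both cases. The check is correctly placed before `syncreq(self, consts.HANDLE_PICKLE, -1)`, so a refused call never sends the pickle request to the peer. Style: `(self,'____conn__')` is missing the space after the comma.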
9f45f8269d41: Fix copying numpy arrays from netrefs
1 file changed · +9 −7
rpyc/core/netref.py+9 −7 modified@@ -21,7 +21,6 @@ '__init__', '__metaclass__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__slots__', '__str__', '__weakref__', '__dict__', '__members__', '__methods__', '__exit__', - '__array__', ]) | _deleted_netref_attrs """the set of attributes that are local to the netref object""" @@ -152,6 +151,8 @@ def __getattribute__(self, name): return object.__getattribute__(self, name) elif name == "__call__": # IronPython issue #10 return object.__getattribute__(self, "__call__") + elif name == "__array__": + return object.__getattribute__(self, "__array__") else: return syncreq(self, consts.HANDLE_GETATTR, name) def __getattr__(self, name): @@ -186,12 +187,6 @@ def __exit__(self, exc, typ, tb): def __reduce_ex__(self, proto): return pickle.loads, (syncreq(self, consts.HANDLE_PICKLE, proto),) - # This is not strictly necessary, but a performance optimization: - # Note that protocol=-1 will only work between python interpreters of the - # same version: - def __array__(self): - return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1)) - def _make_method(name, doc): """creates a method with the given name and docstring that invokes @@ -214,6 +209,13 @@ def method(self, start, stop, *args): method.__name__ = name method.__doc__ = doc return method + elif name == "__array__": + def __array__(self): + # Note that protocol=-1 will only work between python + # interpreters of the same version. + return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1)) + __array__.__doc__ = doc + return __array__ else: def method(_self, *args, **kwargs): kwargs = tuple(kwargs.items())
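Review bot: the `__array__` closure added in the fourth hunk (`_make_method`) calls `pickle.loads` on whatever bytes the peer returns for `HANDLE_PICKLE`, with no check that the local connection is configured to allow pickling; together with the second hunk, which makes `__getattribute__` resolve `__array__` locally, any `np.array(netref)` on this side now deserializes peer-controlled data unconditionally. Gate the `pickle.loads` on the connection's `allow_pickle` setting and raise before issuing the request. The comment removed in the third hunk ("not strictly necessary, but a performance optimization") is worth carrying over, since it explains why this path exists at all.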
References
- github.com/advisories/GHSA-h5cg-53g7-gqjw (advisory, GHSA)
- nvd.nist.gov/vuln/detail/CVE-2024-27758 (advisory, GHSA)
- gist.github.com/renbou/957f70d27470982994f12a1d70153d09 (web, NVD)
- github.com/pypa/advisory-database/tree/main/vulns/rpyc/PYSEC-2024-44.yaml (web, GHSA)
- github.com/tomerfiliba-org/rpyc/blob/5.3.1/rpyc/core/netref.py (web, GHSA)
- github.com/tomerfiliba-org/rpyc/commit/9f45f8269d4106905db61d82cd529cacdb178911 (web, GHSA)
- github.com/tomerfiliba-org/rpyc/commit/bba1d3562e6f9f1256ec64048cc23001c0bb7516 (web, GHSA)
- github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw (web, NVD)