PyPI package
rpyc
pkg:pypi/rpyc
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27758 | High | 8.4 | | >= 4.0.0, < 6.0.0 | 6.0.0 | Mar 12, 2024 | In RPyC before 6.0.0, when a server exposes a method that calls the attribute named `__array__` for a client-provided netref (e.g., `np.array(client_netref)`), a remote attacker can craft a class that results in remote code execution. |
| CVE-2019-16328 | — | | | >= 4.1.0, < 4.1.1 | 4.1.1 | Oct 3, 2019 | In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. |