CVE-2024-27758

Published: Mar 12, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/renbou/957f70d27470982994f12a1d70153d09

https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-27758

Description

Affected Products

References