Lucene search
HistoryMar 12, 2024 - 4:15 p.m.
CVE-2024-27758
rpyc
server
vulnerability
attribute
remote code execution
CVSS3
8.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
Low
EPSS
0
Percentile
9.0%
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
Related
osv
osv
RPyC's missing security check results in code execution when using numpy.array on the server-side.
2024-03-06 17:05:30
PYSEC-2024-44
2024-03-12 16:15:00
CVE-2024-27758
2024-03-12 16:15:08
debiancve
debiancve
CVE-2024-27758
2024-03-12 16:15:08
openvas
openvas
openSUSE: Security Advisory for python (openSUSE-SU-2024:0082-1)
2024-03-25 00:00:00
cvelist
cvelist
CVE-2024-27758
2024-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2024-27758
2024-03-12 00:00:00
vulnrichment
vulnrichment
CVE-2024-27758
2024-03-12 00:00:00
nessus
nessus
openSUSE 15 Security Update : python-rpyc (openSUSE-SU-2024:0082-1)
2024-03-16 00:00:00
prion
prion
Remote code execution
2024-03-12 16:15:00
veracode
veracode
Arbitrary Code Execution
2024-03-07 07:10:43
redhatcve
redhatcve
CVE-2024-27758
2024-03-12 20:08:08
cve
cve
CVE-2024-27758
2024-03-12 16:15:08
github
github
CVSS3
8.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
Low
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-27758