11 matches found
Malicious code in projz-py (PyPI)
Source: amazon-inspector 196ea7ee7277857a29c8478e6908961bde9f28aa136c3e6ae68412ba4b67bff0. The package routes authentication-related calls through a hardcoded third-party HTTP endpoint and then unpickles the server's raw response, which is ...
rpc.py vulnerable to Deserialization of Untrusted Data
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer, rpc....
GHSA-8RQ8-F485-7V8X rpc.py vulnerable to Deserialization of Untrusted Data
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer, rpc....
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle...
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle...
Remote code execution
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON, not pickle, is the default data format, an unauthenticated client can cause the data to be processed with unpickle...
CVE-2022-35411
rpc.py CVE-2022-35411 allows unauthenticated RCE via the HTTP header "serializer: pickle", which triggers Python pickle deserialization of the request body in rpc.py up to v0.6.0. Affected versions are cited as v0.4.2–v0.6.0; exploits and demonstrations exist (e.g., Packet Storm, Exploit-DB). Public exploitation code targets ...
rpc.py code issue vulnerability
rpc.py is a fast and powerful ASGI/WSGI-based RPC framework by Aber, an individual developer in China. A security vulnerability exists in rpc.py version 0.6.0 and earlier. An attacker can exploit the vulnerability to have request data processed with unpickle...
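The rpc.py entries above all describe the same mechanism: the server's default wire format is JSON, but a client-supplied "serializer: pickle" header switches the deserializer to pickle, and pickle's GLOBAL/REDUCE opcodes let the request body import any module and call any callable. The following is an added example written for this page, not rpc.py's own source or the maintainer's fix. It models that flawed dispatch in a hypothetical handler, drives it with a hand-written pickle payload that calls the harmless os.getcwd (the same opcodes would name os.system), and sets a hardened handler beside it in which the server, not the client, decides which formats are accepted and any pickle that is still allowed goes through a restricted Unpickler. The header dict, function names and request bodies are assumptions made for the demonstration.

```python
"""Client-selected serializer vs. server-side policy (constructed example, not rpc.py code)."""
import builtins
import io
import json
import os
import pickle

# Constructed pickle payload, protocol-0 opcodes written by hand:
#   c  GLOBAL  "os" / "getcwd"   -> import os, push os.getcwd
#   )  EMPTY_TUPLE               -> push ()
#   R  REDUCE                    -> call os.getcwd()
#   .  STOP
# os.getcwd is a deliberately harmless stand-in; an attacker names os.system instead.
PICKLE_PAYLOAD = b"cos\ngetcwd\n)R."
JSON_BODY = b'{"method": "add", "params": [1, 2]}'   # constructed JSON request body


def dispatch_vulnerable(headers, body):
    """Flawed pattern (hypothetical handler): the request header picks the deserializer."""
    if headers.get("serializer", "json") == "pickle":
        return pickle.loads(body)   # runs whatever callable the body's GLOBAL/REDUCE opcodes name
    return json.loads(body)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup except a short allowlist of builtins (Python docs pattern)."""

    ALLOWED = {"set", "frozenset"}

    def find_class(self, module, name):
        if module == "builtins" and name in self.ALLOWED:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def dispatch_hardened(headers, body, allow_pickle=False):
    """Server policy decides the format: JSON by default, pickle only if enabled and restricted."""
    serializer = headers.get("serializer", "json")
    if serializer == "json":
        return json.loads(body)
    if serializer == "pickle" and allow_pickle:
        return RestrictedUnpickler(io.BytesIO(body)).load()
    raise ValueError(f"unsupported serializer: {serializer!r}")


def _outcome(fn):
    """Run fn and return its value, or the name of the exception class it raised."""
    try:
        return fn()
    except Exception as exc:
        return type(exc).__name__


def run_demo():
    """Exercise both handlers on the constructed requests; returns a dict of observations."""
    pickle_headers = {"serializer": "pickle"}
    vuln_result = dispatch_vulnerable(pickle_headers, PICKLE_PAYLOAD)
    return {
        "json_default": dispatch_vulnerable({}, JSON_BODY),
        # True means the unpickle actually called os.getcwd() for us: code execution by header
        "vuln_pickle_called_getcwd": vuln_result == os.getcwd(),
        "hardened_pickle_off": _outcome(lambda: dispatch_hardened(pickle_headers, PICKLE_PAYLOAD)),
        "hardened_pickle_restricted": _outcome(
            lambda: dispatch_hardened(pickle_headers, PICKLE_PAYLOAD, allow_pickle=True)),
        # plain containers need no globals, so restricted pickle still round-trips them
        "hardened_pickle_plain_data": dispatch_hardened(
            pickle_headers, pickle.dumps({"n": [1, 2]}), allow_pickle=True),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The restricted Unpickler is a defence in depth, not a substitute for the policy decision: if a service has no reason to accept pickle from unauthenticated clients, the hardened handler's default (reject the header outright) is the fix, and the allowlist only matters where pickle is genuinely required.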
Moderate: Red Hat Security Advisory: rh-python36-python security, bug fix, and enhancement update
An update for rh-python36-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2019-17080
mintinstall aka Software Manager 7.9.9 for Linux Mint allows code execution if a REVIEWSCACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...