In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-03T19:51:43

Updated: 2024-08-05T01:10:41.682Z

Reserved: 2019-09-15T00:00:00

Link: CVE-2019-16328

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-10-03T20:15:10.260

Modified: 2022-12-02T19:24:12.687

Link: CVE-2019-16328

cve-icon Redhat

No data.