In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-12T00:00:00

Updated: 2024-08-02T00:34:52.544Z

Reserved: 2024-02-26T00:00:00

Link: CVE-2024-27758

cve-icon Vulnrichment

Updated: 2024-07-25T19:54:32.272Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-12T16:15:08.600

Modified: 2024-08-01T13:48:45.070

Link: CVE-2024-27758

cve-icon Redhat

Severity : Important

Publid Date: 2024-03-12T00:00:00Z

Links: CVE-2024-27758 - Bugzilla