GHSA-9ggp-4jpr-7ppj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9ggp-4jpr-7ppj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-9ggp-4jpr-7ppj/GHSA-9ggp-4jpr-7ppj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9ggp-4jpr-7ppj
- Aliases
- Withdrawn
- 2021-02-17T19:44:50Z
- Published
- 2019-11-20T01:35:53Z
- Modified
- 2024-12-06T05:39:36.478645Z
- Summary
- Duplicate Advisory: Possible remote code execution via a remote procedure call
- Details
-
Withdrawn: duplicate of GHSA-pj4g-4488-wmxm
Original Description
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2019-11-19T03:15:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-16328
- https://github.com/advisories/GHSA-9ggp-4jpr-7ppj
- https://github.com/advisories/GHSA-pj4g-4488-wmxm
- https://github.com/pypa/advisory-database/tree/main/vulns/rpyc/PYSEC-2019-118.yaml
- https://github.com/tomerfiliba/rpyc
- https://rpyc.readthedocs.io/en/latest/docs/security.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html
Affected packages
PyPI / rpyc
Package
- Name
- rpyc
- View open source insights on deps.dev
- Purl
- pkg:pypi/rpyc