Vulnerabilities

CVE-2022-35411

by Fred · 08/07/2022

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

Date published : 2022-07-08

https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd

https://github.com/ehtec/rpcpy-exploit

Similar

Tags: Cybersecurity Alert