PT-2019-14629 · Rpyc+1 · Rpyc+1

Publicado

2019-10-03

Atualizado

2024-07-12

CVE-2019-16328

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions RPyC versions 4.1.x through 4.1.1

Description A remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

Recommendations For RPyC versions 4.1.x through 4.1.1, consider disabling remote procedure calls until a patch is available. Restrict access to the RPyC service to minimize the risk of exploitation. Avoid using default configuration settings for the RPyC service until the issue is resolved.

Exploit

Correção

Prototype Pollution

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1321CWE-285

Identificadores relacionados

CVE-2019-16328

GHSA-9GGP-4JPR-7PPJ

GHSA-PJ4G-4488-WMXM

OPENSUSE-SU-2020:0685-1

OPENSUSE-SU-2020:0763-1

OPENSUSE-SU-2020_0685-1

OPENSUSE-SU-2024:11268-1

OPENSUSE-SU-2024:14162-1

PYSEC-2019-118

Produtos afetados

Rpyc

Suse

PT-2019-14629 · Rpyc+1 · Rpyc+1

CVE-2019-16328

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25