PT-2024-2537

Renbou · Published 2024-03-06 · Updated 2024-08-01 · CVE-2024-27758

CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RPyC versions prior to 6.0.0

Description: The issue is in the netref component of the RPyC Python library, which performs an incorrect security check for standard (dunder) attributes. A remote attacker can craft a class that exploits this check and achieve arbitrary code execution whenever a server exposes a method that reads the `__array__` attribute of a client-provided netref, for example by calling np.array(client netref) on it.

Recommendations: For versions prior to 6.0.0, update to version 6.0.0 or later, which resolves the issue. As a temporary workaround, restrict access to methods that read the `__array__` attribute of client-provided netrefs until the update is applied, and avoid calling np.array(client netref) in affected API endpoints until the issue is resolved.
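The workaround above amounts to never letting a client-supplied proxy reach np.array(). One way to enforce that on the server side is an input guard that copies client data into plain local Python values and refuses anything else. The following is an added example, not RPyC's code and not part of the advisory; it assumes the exposed method only needs a numeric vector or matrix, and the netref detection by module name is an assumption about RPyC internals (the `__array__` check needs no RPyC import at all).

```python
"""Input guard for RPyC-exposed methods that hand client data to np.array().

Added example (not RPyC's or the advisory's code). It assumes the exposed
service method wants a numeric vector/matrix and that anything else, above
all an RPyC netref proxy, must be rejected before numpy ever looks at it.
"""
from numbers import Real

# Containers a client is allowed to send; everything else is refused.
_ALLOWED_CONTAINERS = (list, tuple)


def is_proxy(obj):
    """True if obj is (or looks like) an RPyC netref rather than a local object.

    Only type(obj) is inspected: reading attributes on a netref instance
    would itself trigger a round trip to the client, which is the behaviour
    the guard exists to avoid. Assumption: netref classes live under rpyc.
    """
    module = getattr(type(obj), "__module__", "") or ""
    return module == "rpyc" or module.startswith("rpyc.")


def to_local_matrix(value, max_depth=2, max_len=10_000):
    """Copy client-provided data into nested local lists of Python floats.

    Rejects proxies, any type exposing __array__ (the hook np.array() would
    call), booleans, strings/bytes, over-deep nesting and over-long lists.
    Raises TypeError or ValueError instead of passing the object through.
    """
    def convert(node, depth):
        # Proxy check first, so no attribute of a netref instance is touched.
        if is_proxy(node) or hasattr(type(node), "__array__"):
            raise TypeError("remote or array-like objects are not accepted")
        if isinstance(node, bool):
            raise TypeError("booleans are not accepted")
        if isinstance(node, Real):
            return float(node)
        if isinstance(node, _ALLOWED_CONTAINERS):
            if depth == 0:
                raise ValueError("nesting too deep")
            if len(node) > max_len:
                raise ValueError("too many elements")
            return [convert(item, depth - 1) for item in node]
        raise TypeError(f"unsupported element type {type(node).__name__}")

    return convert(value, max_depth)


# Intended use inside an rpyc.Service (hypothetical method name):
#
#     def exposed_column_sums(self, data):
#         local = to_local_matrix(data)      # copies or raises, never proxies
#         return np.array(local).sum(axis=0).tolist()
#
# np.array() then only ever sees a local list of floats, so no client-side
# __array__ implementation can be invoked through the netref.
if __name__ == "__main__":
    print(to_local_matrix([[1, 2], [3, 4]]))
```

The guard deliberately copies instead of validating in place: a netref cannot be made safe by inspection, because every attribute read on it is a remote call, so the only data that should reach numpy is data the server has already materialised locally.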

Fix

RCE

Missing Authentication

Improperly Implemented Security Check for Standard

Weakness Enumeration

Related Identifiers

BDU:2024-02523
CVE-2024-27758
GHSA-H5CG-53G7-GQJW
OPENSUSE-SU-2024:0082-1
OPENSUSE-SU-2024:13768-1
PYSEC-2024-44

Affected Products

Debian
Rpyc