Vulnerabilities for 'Rpc.py'

2022-07-08
 
CVE-2022-35411

NVD-CWE-noinfo
 

 
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

 


Copyright 2024, cxsecurity.com

 
