Vulnerability CVE-2022-35411


Published: 2022-07-08

Description:
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

See advisories in our WLB2 database:
Topic: [High] rpc.py 0.6.0 Remote Code Execution
Author: Elias Hohl
Date: 02.08.2022

Type: NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software: Rpc.py project -> Rpc.py

References:
https://medium.com/@elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30
https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd
https://github.com/ehtec/rpcpy-exploit

Copyright 2024, cxsecurity.com

 
