CVE-2022-35411
- Reference to the description:
- Description:
- rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
- Last updated date:
- 02/09/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/16/2022
- Reference URL to background:
https://medium.com/@elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/05/2022
- Reference URL to background:
http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/09/2024
- Reference URL to background:
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/09/2024
- Reference URL to background:
https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30