Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-16328

Good to know:

icon
icon

Date: October 3, 2019

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

Language: Python

Severity Score

Related Resources (10)

https://github.com/tomerfiliba/rpyc
https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-pj4g-4488-wmxm
https://rpyc.readthedocs.io/en/latest/docs/security.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00046.html
https://github.com/tomerfiliba-org/rpyc
https://nvd.nist.gov/vuln/detail/CVE-2019-16328
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00004.html
https://github.com/advisories/GHSA-pj4g-4488-wmxm
https://github.com/advisories/GHSA-9ggp-4jpr-7ppj
https://www.mend.io/vulnerability-database/CVE-2019-16328

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Missing Authorization

CWE-862

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-915

Top Fix

icon

Upgrade Version

Upgrade to version rpyc - 4.1.2;rpyc - 4.1.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us