Upstream information
Description
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
SUSE Bugzilla entry: 1221331 [IN_PROGRESS]SUSE Security Advisories:
- openSUSE-SU-2024:0082-1, published Fri Mar 15 22:52:19 2024
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Package Hub 15 SP5 |
| Patchnames: openSUSE-2024-82 |
openSUSE Leap 15.5 |
| Patchnames: openSUSE-2024-82 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-13768 |
SUSE Timeline for this CVE
CVE page created: Tue Mar 12 19:00:19 2024CVE page last modified: Fri Sep 27 16:52:48 2024