Published: 08/07/2022 Updated: 09/02/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

rpc.py up to and including 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rpc.py project rpc.py

rpcpy version 060 suffers from a remote code execution vulnerability ...

Unauthenticated Remote Code Execution for rpc.py server

rpcpy-exploit Unauthenticated Remote Code Execution for rpcpy server mediumcom/@eliashohl/remote-code-execution-0-day-in-rpc-py-709c76690c30 This vulnerability was assigned CVE-2022-35411 nvdnistgov/vuln/detail/CVE-2022-35411

CWE-522 https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd https://github.com/ehtec/rpcpy-exploit http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30 https://nvd.nist.gov https://github.com/ehtec/rpcpy-exploit https://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-35411

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect