CVE-2022-35411

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the serializer: pickle HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/102.html
• https://cwe.mitre.org/data/definitions/474.html
• https://cwe.mitre.org/data/definitions/50.html
• https://cwe.mitre.org/data/definitions/509.html
• https://cwe.mitre.org/data/definitions/551.html
• https://cwe.mitre.org/data/definitions/555.html
• https://cwe.mitre.org/data/definitions/560.html
• https://cwe.mitre.org/data/definitions/561.html
• https://cwe.mitre.org/data/definitions/600.html
• https://cwe.mitre.org/data/definitions/644.html
• https://cwe.mitre.org/data/definitions/645.html
• https://cwe.mitre.org/data/definitions/652.html
• https://cwe.mitre.org/data/definitions/653.html

References

• http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html
• https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd
• https://github.com/ehtec/rpcpy-exploit
• https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30
• http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html
• https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd
• https://github.com/ehtec/rpcpy-exploit
• https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30