CVE-2022-35411

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
rpc.py_projectrpc.py
0.4.2 ≤
𝑥
≤ 0.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html
https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd
https://github.com/ehtec/rpcpy-exploit
https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30
http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html
https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd
https://github.com/ehtec/rpcpy-exploit
https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30