Debian Rpyc vulnerabilities

CVE-2024-27758 [HIGH] CVE-2024-27758: rpyc - In RPyC before 6.0.0, when a server exposes a method that calls the attribute na... In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution. Scope: local bookworm: open forky: resolved (fixed in 6.0.0-1) sid: resolved (fixed in 6.0.0-1) trixie: resolved (fixed in 6.0.0-1)

CVE-2019-16328 [HIGH] CVE-2019-16328: rpyc - In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object att... In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. Scope: local bookworm: resolved forky: resolved sid: resolved trixie: resolved