CVE-2019-16328: Improperly Controlled Modification of Dynamically-Determined Object Attributes

February 17, 2021 (updated September 27, 2021)

In RPyC, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

References

github.com/advisories/GHSA-pj4g-4488-wmxm
github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-pj4g-4488-wmxm

Detect and mitigate CVE-2019-16328 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →