Author Junyu Zhang
Recipients Junyu Zhang
Date 2020-03-22.05:58:16
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1584856696.55.0.228869164986.issue40039@roundup.psfhosted.org>
In-reply-to
Content
description:
When we were using python to develop a distributed process service, I noticed that the default serialization parameter of Manager and ManagerBase in multiprocessing was pickl, and it didn't seem to be mentioned in the official website's documentation. This is unsafe unless our server is completely You can trust recv data, but if authkey is not set or leaked, it will cause RCE on the server side, so I applied for a CVE-ID to remind everyone to use this security issue. For details of the vulnerability and the poc code, please refer to the pdf file.
History
Date User Action Args
2020-03-22 05:58:16Junyu Zhangsetrecipients: + Junyu Zhang
2020-03-22 05:58:16Junyu Zhangsetmessageid: <1584856696.55.0.228869164986.issue40039@roundup.psfhosted.org>
2020-03-22 05:58:16Junyu Zhanglinkissue40039 messages
2020-03-22 05:58:16Junyu Zhangcreate