New submission from Junyu Zhang <rgdz....@gmail.com>:

description:
When we were using Python to develop a distributed process service, I noticed 
that the default serialization parameter of Manager and ManagerBase in 
multiprocessing was pickle, and it didn't seem to be mentioned in the official 
website's documentation. This is unsafe unless our server can completely 
trust recv data, but if authkey is not set or leaked, it will cause RCE on the 
server side, so I applied for a CVE-ID to remind everyone of this security 
issue. For details of the vulnerability and the PoC code, please refer to the 
PDF file.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue40039>
_______________________________________
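
Added example, not part of the original submission or of CPython: a small static check a reviewer could run over a code base to confirm the default serializer the report refers to and to list manager constructions whose address or authkey deserve a look. MANAGER_NAMES, LOOPBACK, the finding strings and the SAMPLE source are assumptions constructed for illustration.

```python
import ast
import inspect
from multiprocessing.managers import BaseManager

# Assumption: constructor names to audit; add project-specific subclasses here.
MANAGER_NAMES = {"BaseManager", "SyncManager"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def default_serializer():
    """Return the serializer BaseManager uses when the caller passes none."""
    return inspect.signature(BaseManager.__init__).parameters["serializer"].default


def _call_name(node):
    func = node.func
    return func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)


def audit(source):
    """Return sorted (lineno, finding) tuples for manager constructions."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _call_name(node) in MANAGER_NAMES):
            continue
        kw = {k.arg: k.value for k in node.keywords if k.arg}
        addr = kw.get("address") or (node.args[0] if node.args else None)
        key = kw.get("authkey") or (node.args[1] if len(node.args) > 1 else None)
        if isinstance(addr, ast.Tuple) and addr.elts:
            host = addr.elts[0]
            # '' and '0.0.0.0' listen on every interface, not just loopback.
            if not (isinstance(host, ast.Constant) and host.value in LOOPBACK):
                findings.append((node.lineno, "address is not loopback-only"))
            if key is None:
                findings.append((node.lineno, "no explicit authkey"))
        if isinstance(key, ast.Constant) and isinstance(key.value, (bytes, str)):
            findings.append((node.lineno, "authkey is a literal in source"))
    return sorted(findings)


# Constructed sample input; load_key() is a hypothetical helper.
SAMPLE = '''\
from multiprocessing.managers import BaseManager
a = BaseManager(address=("0.0.0.0", 50000), authkey=b"abc")
b = BaseManager(address=("127.0.0.1", 50000), authkey=load_key())
c = BaseManager(address=("", 50000))
'''

if __name__ == "__main__":
    print("default serializer:", default_serializer())
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```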