New submission from Junyu Zhang <rgdz....@gmail.com>:
description: When we were using Python to develop a distributed process service, I noticed that the default serialization parameter of Manager and ManagerBase in multiprocessing was pickle, and it didn't seem to be mentioned in the official website's documentation. This is unsafe unless our server can completely trust recv data, but if authkey is not set or leaked, it will cause RCE on the server side, so I applied for a CVE-ID to remind everyone to use this security issue. For details of the vulnerability and the PoC code, please refer to the PDF file.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue40039>
_______________________________________
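The report's point is that the authkey is the only gate in front of the manager's pickle-based channel. The following is an added example, not code from the report or from CPython: it starts a `BaseManager` on loopback with a fresh random key and checks that a client holding a different key is rejected during the handshake. The helper names (`start_hardened_manager`, `can_connect`, `demo`) are assumptions made for this illustration.

```python
import secrets
from multiprocessing import AuthenticationError
from multiprocessing.managers import BaseManager


def start_hardened_manager(ctx=None):
    """Start a manager bound to loopback with a fresh 32-byte random authkey."""
    authkey = secrets.token_bytes(32)
    # Port 0 lets the OS pick a free port; 127.0.0.1 keeps the pickle-speaking
    # endpoint off external interfaces. serializer is left at its default
    # ('pickle'), so the authkey is what protects the channel.
    manager = BaseManager(address=("127.0.0.1", 0), authkey=authkey, ctx=ctx)
    manager.start()
    return manager, authkey


def can_connect(address, authkey):
    """Return True if the challenge-response handshake succeeds with this key."""
    client = BaseManager(address=address, authkey=authkey)
    try:
        # connect() runs the HMAC challenge-response before any request is sent.
        client.connect()
    except AuthenticationError:
        return False
    return True


def demo(ctx=None):
    """Return (right_key_accepted, wrong_key_accepted) for one manager."""
    manager, authkey = start_hardened_manager(ctx)
    try:
        right = can_connect(manager.address, authkey)
        wrong = can_connect(manager.address, secrets.token_bytes(32))
    finally:
        manager.shutdown()
    return right, wrong


if __name__ == "__main__":
    print(demo())
```

Anyone who obtains the key passes the same handshake, so the key needs the same handling as any other credential that grants code execution on the server.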