CVE-2022-35411

CRITICAL

Rpc.py < 0.6.0 - Insufficiently Protected Credentials

Title source: rule

Description

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

Exploits (5)

nomisec WORKING POC 2 stars

by CSpanias · poc

https://github.com/CSpanias/rpc-rce.py

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by fuzzlove · poc

https://github.com/fuzzlove/CVE-2022-35411

View Code ZIP pw:eip

nomisec WORKING POC

by Neo-okami · poc

https://github.com/Neo-okami/CVE-2022-35411

View Code ZIP pw:eip

github NO CODE

by Boon-Rekcah · pythonpoc

https://github.com/Boon-Rekcah/CVE-Exploits/tree/main/Python Libraries CVE/CVE-2022-35411 ( rpc.py )

View Code ZIP pw:eip

exploitdb WORKING POC

by Elias Hohl · pythonremotepython

https://www.exploit-db.com/exploits/50983

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167872/rpc.py-0.6.0-Remote-Code-Execution.html

[Patch, Third Party Advisory] https://github.com/abersheeran/rpc.py/commit/491e7a841ed9a754796d6ab047a9fb16e23bf8bd

[Exploit, Third Party Advisory] https://github.com/ehtec/rpcpy-exploit

[Exploit] https://medium.com/%40elias.hohl/remote-code-execution-0-day-in-rpc-py-709c76690c30

Scores

CVSS v3 9.8

EPSS 0.7133

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

rpc.py_project/rpc.py < 0.6.0

pypi/rpc.py PyPI

Timeline

Published Jul 08, 2022

Tracked Since Feb 18, 2026