File CVE-2024-27758.patch of Package python-rpyc

Index: rpyc-4.1.5/rpyc/core/netref.py
===================================================================
--- rpyc-4.1.5.orig/rpyc/core/netref.py
+++ rpyc-4.1.5/rpyc/core/netref.py
@@ -265,6 +265,9 @@ def _make_method(name, doc):
         def __array__(self):
             # Note that protocol=-1 will only work between python
             # interpreters of the same version.
+            if not object.__getattribute__(self,'____conn__')._config["allow_pickle"]:
+                # Security check that server side allows pickling per #551
+                raise ValueError("pickling is disabled")
             return pickle.loads(syncreq(self, consts.HANDLE_PICKLE, -1))
         __array__.__doc__ = doc
         return __array__
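Review bot: The added comment on the guard says "server side", but the check reads `_config["allow_pickle"]` from the connection held by this netref, i.e. the endpoint that calls `__array__` and then runs `pickle.loads` on bytes returned by the peer, which may be either end of the link. I would reword it to `# Refuse to unpickle peer-supplied data unless this connection's config sets allow_pickle (#551)`. It is also worth stating next to the existing protocol note that with `allow_pickle` enabled the `pickle.loads` call still deserializes whatever the remote returns, so the option belongs only on connections to trusted peers. `_make_method` begins above the hunk, so its other branches were not reviewed.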