[issue40039] [CVE-2020-10796] Python multiprocessing Remote Code Execution vulnerability

Karthikeyan Singaravelan report at bugs.python.org
Sun Mar 22 04:15:17 EDT 2020


Karthikeyan Singaravelan <tir.karthi at gmail.com> added the comment:

Thanks for the report. Is this a case of the warning below?

https://docs.python.org/3.8/library/multiprocessing.html#multiprocessing.connection.Connection.recv

> Warning The Connection.recv() method automatically unpickles the data it receives, which can be a security risk unless you can trust the process which sent the message.

> Therefore, unless the connection object was produced using Pipe() you should only use the recv() and send() methods after performing some sort of authentication. See Authentication keys.

----------
nosy: +xtreak

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40039>
_______________________________________
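
An added example (not part of the original message or of CPython's own code): the authentication step the quoted warning refers to, using `multiprocessing.connection.Listener` and `Client` with an `authkey`. The helper names `serve_once` and `attempt` and the key values are constructed for illustration.

```python
import threading
from multiprocessing import AuthenticationError
from multiprocessing.connection import Client, Listener


def serve_once(listener, results):
    # accept() runs the HMAC challenge first; recv() (and so unpickling)
    # is reached only for a peer that proved knowledge of the authkey.
    try:
        with listener.accept() as conn:
            results.append(("accepted", conn.recv()))
    except AuthenticationError:
        results.append(("rejected", None))


def attempt(server_key, client_key, payload):
    """Return (client_connected, server_outcome) for one connection attempt."""
    results = []
    # No address given: the platform default local transport is used.
    with Listener(authkey=server_key) as listener:
        worker = threading.Thread(target=serve_once, args=(listener, results))
        worker.start()
        try:
            with Client(listener.address, authkey=client_key) as conn:
                conn.send(payload)
            connected = True
        except AuthenticationError:
            connected = False
        worker.join()
    return connected, results[0]


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # sample value; use a random secret in practice
    print(attempt(key, key, {"job": 1}))
    print(attempt(key, b"some-other-key", {"job": 1}))
```

The authkey only establishes that the peer holds the shared secret; `recv()` still unpickles whatever an authenticated peer sends.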

