In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. Reference: https://rpyc.readthedocs.io/en/latest/docs/security.html
Created python-rpyc tracking bugs for this issue: Affects: fedora-all [bug 1773722]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.