Skip to content

6.0.0: Fixed RCE from __array__
Compare
Choose a tag to compare
@comrumino comrumino released this 23 Feb 23:46
· 24 commits to master since this release
6.0.0
0194cbd
This commit was signed with the committer’s verified signature.
comrumino James Stronz
GPG key ID: 0E6361CF3E941F19
Learn about vigilant mode.

6.0.0

Date: 2024-02-23

  • #551 Resolves security issue that results in RCE. The fix breaks backwards compatibility for those that rely on the __array__ attribute used by numpy. This RCE is only exploitable when the server-side gets the attribute __array__ and calls it (e.g., np.array(x)). This issues effects all versions since major release 4.
Assets 4
Loading