CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-42343

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile19.50th
Published2021年10月26日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.

Affected Platforms (CPE)

📦
Anaconda

Dask

< 2021.10.0

References & Advisories

🔗 https://docs.dask.org/en/latest/changelog.html
🔗 https://github.com/dask/dask/tags
🔗 https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
🔗 https://docs.dask.org/en/latest/changelog.html
🔗 https://github.com/dask/dask/tags
🔗 https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr

相關漏洞威脅

CVE-2021-2196110.0

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A ...

CVE-2021-4643310.0

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute ...

CVE-2021-2196010.0

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3....

CVE-2021-4625010.0

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authe...

CVE-2021-42343 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space