Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Python Dask 安全漏洞
Vulnerability Description
Python Dask是一个灵活的 Python 并行计算库。 Dask 存在安全漏洞,该漏洞源于以Dask .distributed.LocalCluster或Dask .distributed. client(默认使用LocalCluster)启动的单机Dask集群将错误地配置各自的Dask工作人员侦听外部接口(通常使用随机选择的高端口),而不是仅在本地主机上。使用此方法创建的Dask集群(当运行在公开适用端口的机器上时)可能被复杂的攻击者可利用该漏洞用于实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A