Homepage
About Snyk

org.apache.xmlrpc:xmlrpc-client@3.1.1 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.xmlrpc:xmlrpc-client package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Deserialization of Untrusted Data

org.apache.xmlrpc:xmlrpc-client is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A flaw was discovered where the XMLRPC client implementation performed deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious or compromised XMLRPC server could possibly use this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.

How to fix Deserialization of Untrusted Data?

There is no fixed version for org.apache.xmlrpc:xmlrpc-client.

[3.1,)
Go back to all versions of this package