3.1.3
19 years ago
15 years ago
Known vulnerabilities in the org.apache.xmlrpc:xmlrpc package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.apache.xmlrpc:xmlrpc is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Compared to SOAP, or JAX-RPC, it is stable, much simpler and easier to handle. Version 3 of Apache XML-RPC introduces several important vendor extensions over the original XML-RPC specification. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A flaw was discovered where the XMLRPC client implementation performed deserialization of the server-side exception serialized in the How to fix Deserialization of Untrusted Data? There is no fixed version for | [3.1,) |
Affected versions of the package are vulnerable to Denial of Service (DoS). By default | [3.0,3.1.4) |
Affected versions of the package are vulnerable to Server Side Request Forgery (SSRF). Sending an XML with a | [3.0,3.1.4) |