Gentoo Linux Security Advisory 202401-26 - Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.1.3 are affected.
e5a4b01ce01a0da4be625d294152099c16e3fe042a0e485ff40acb81e736e82a
Ubuntu Security Notice 4496-1 - It was discovered that Apache XML-RPC does not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code.
0d11bb361d9214af8b8e07592fe8af5981b3411a2ea5248352424c6214828223
Red Hat Security Advisory 2020-0983-01 - This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and information leakage vulnerabilities.
c2b2bece438c10e903155ade04dc8eb70bbee2e9169a4e812ce54e8f4eebf85a
Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.
182a250ef2e3e8f678cce9391e0c00303ca592e52445db910d67c6a8a5f5f866
Red Hat Security Advisory 2020-0310-01 - Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Issues addressed include a deserialization vulnerability.
0e259ef4f49a543084a24dec33476a00eb4a4768db21c808939c1f234914f2ab