Details
- Sub-task
- Status: Closed
- Major
- Resolution: Fixed
- Trunk
- None
- Bug Crush Event - 21/2/2015
Description
Because the 2 xmlrpc-related requests in webtools (xmlrpc and ping) are not using authentication, they are vulnerable to unsafe deserialization.
This issue was reported to the security team by Alvaro Munoz <pwntester@github.com> from the GitHub Security Lab team.
Issue Links
- relates to: OFBIZ-12332 post-auth Remote Code Execution Vulnerability (Closed)