Jacques Le Roux created OFBIZ-11716: ---------------------------------------
Summary: Apache OFBiz unsafe deserialization of XMLRPC arguments (CVE-2020-9496) Key: OFBIZ-11716 URL: https://issues.apache.org/jira/browse/OFBIZ-11716 Project: OFBiz Issue Type: Sub-task Components: framework/webtools Affects Versions: Trunk Reporter: Jacques Le Roux Assignee: Jacques Le Roux Because the 2 xmlrpc related requets in webtools (xmlrpc and ping) are not using authentication they are vulnerable to unsafe deserialization. This issue was reported to the security team by Alvaro Munoz <pwntes...@github.com> from the GitHub Security Lab team -- This message was sent by Atlassian Jira (v8.3.4#803005)