Open GoogleCodeExporter opened 8 years ago
How is this a "medium" priority defect? It actually corrupts messages sent over the network.
I wanted to use XMLRPC for its simplicity and ubiquity. As it stands, I'll be quickly moving to a different RPC technology.
Worse yet, this almost certainly leaves the XMLRPC client wide open for an injection-based attack. A cleverly crafted string could alter the remaining xmlrpc parameters. The exact behavior would depend on how the service handles the parsing of XMLRPC data. I would recommend against using this library in a trusted environment.
Original comment by djcbe...@gmail.com on 7 Jan 2009 at 9:44
Original issue reported on code.google.com by rbe...@googlemail.com on 5 Jun 2008 at 2:05