**Issue Overview:**
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. (CVE-2019-17570)
**Affected Packages:**
xmlrpc
**Issue Correction:**
Run _yum update xmlrpc_ to update your system.
**New Packages:**
noarch:
   xmlrpc-javadoc-3.1.3-9.amzn2.0.1.noarch
   xmlrpc-common-3.1.3-9.amzn2.0.1.noarch
   xmlrpc-client-3.1.3-9.amzn2.0.1.noarch
   xmlrpc-server-3.1.3-9.amzn2.0.1.noarch
src:
   xmlrpc-3.1.3-9.amzn2.0.1.src
### Additional References
Red Hat: [CVE-2019-17570]()
Mitre: [CVE-2019-17570]()Read More
References
Back to Main