The SimpleXMLRPCServer library module in Python 2.2, 2.3 prior to 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote malicious users to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python python 2.4.0 |
||
python python |