Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Remediation
References
Related Vulnerabilities
osTicket Other Vulnerability (CVE-2006-5407)
WebLogic CVE-2020-14820 Vulnerability (CVE-2020-14820)
JBoss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-12149)
Joomla Improper Input Validation Vulnerability (CVE-2011-4911)
WordPress Plugin Comic Book Management System SQL Injection (2.1.0)