Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.