Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Remediation
References