Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
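The following is an added example, not Restlet code and not part of the original advisory: a strict pre-parse check that a service could run on an XML body before any code passes it to `java.beans.XMLDecoder`. The class name `XmlDecoderGuard`, both allowlists and the sample documents are assumptions constructed for illustration.

```java
import java.io.StringReader;
import java.util.Set;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class XmlDecoderGuard {
    // Assumption: the only bean types this hypothetical service expects to receive.
    static final Set<String> ALLOWED_CLASSES = Set.of("java.util.ArrayList", "java.util.Date");
    // XMLDecoder elements accepted here; <void>, <method>, <new>, <field>, <property> etc. are not.
    static final Set<String> ALLOWED_ELEMENTS = Set.of("java", "object", "string", "int", "boolean", "null");

    /** Returns null when the document passes, otherwise the reason for rejecting it. */
    static String rejectReason(String xml) {
        XMLInputFactory factory = XMLInputFactory.newFactory();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); // DTD processing off
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        try {
            XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
            while (r.hasNext()) {
                if (r.next() != XMLStreamConstants.START_ELEMENT) continue;
                String el = r.getLocalName();
                if (!ALLOWED_ELEMENTS.contains(el)) return "element <" + el + "> is not allowed";
                // Every attribute must be explicitly accepted; class names are checked against the allowlist.
                for (int i = 0; i < r.getAttributeCount(); i++) {
                    String attr = r.getAttributeLocalName(i), val = r.getAttributeValue(i);
                    boolean ok = el.equals("java")
                            ? attr.equals("version") || (attr.equals("class") && val.equals("java.beans.XMLDecoder"))
                            : el.equals("object") && attr.equals("class") && ALLOWED_CLASSES.contains(val);
                    if (!ok) return "<" + el + " " + attr + "=\"" + val + "\"> is not allowed";
                }
            }
            return null;
        } catch (XMLStreamException e) {
            return "not well-formed XML: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample documents, not captured traffic.
        String expected = "<java version=\"1.8\" class=\"java.beans.XMLDecoder\"><object class=\"java.util.ArrayList\"/></java>";
        String unexpected = "<java version=\"1.8\" class=\"java.beans.XMLDecoder\"><object class=\"com.example.Unexpected\"/></java>";
        System.out.println("expected document:   " + rejectReason(expected));
        System.out.println("unexpected document: " + rejectReason(unexpected));
    }
}
```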
Remediation
References