Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Remediation
References