Description

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Remediation

References

CVE-2013-4221

Related Vulnerabilities

WordPress Plugin GeoDirectory-WordPress Business Directory and Classified Ads Listings Cross-Site Scripting (2.1.1.2)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4696)

MySQL CVE-2022-21485 Vulnerability (CVE-2022-21485)

WordPress Plugin IBPS Online Exam Multiple Vulnerabilities (1.0)

Django Other Vulnerability (CVE-2015-3982)

Severity

High

Classification

CVE-2013-4221 CWE-91

Tags

Missing Update Known Vulnerabilities