Description

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Remediation

References

CVE-2013-4221

Related Vulnerabilities

Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19242)

Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.14)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3966)

WebLogic CVE-2019-2646 Vulnerability (CVE-2019-2646)

WordPress Plugin YITH WooCommerce Multi-step Checkout Security Bypass (1.7.4)

Severity

High

Classification

CVE-2013-4221 CWE-91

Tags

Missing Update Known Vulnerabilities