CVE-2013-4221

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:restlet:restlet:*:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone1:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone2:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone3:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone4:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone5:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone6:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc4:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc5:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc6:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-10-10 00:55

Updated : 2024-02-28 12:00


NVD link : CVE-2013-4221

Mitre link : CVE-2013-4221

CVE.ORG link : CVE-2013-4221


JSON object : View

Products Affected

restlet

  • restlet
CWE
CWE-16

Configuration

CWE-91

XML Injection (aka Blind XPath Injection)