Lucene search
GitHub Advisory DatabaseGHSA-F3MV-G3XR-FP7WHistoryMay 17, 2022 - 3:28 a.m.
Restlet Arbitrary Java Code Execution via a serialized object
2022-05-1703:28:57
CWE-502
GitHub Advisory Database
github.com
5
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.1%
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.restlet.jse:org.restlet | lt | 2.1.4 |
Related
prion
prion
Default configuration
2013-10-10 00:55:00
Default configuration
2013-10-10 00:55:00
cve
cve
CVE-2013-4271
2013-10-10 00:55:00
CVE-2013-4221
2013-10-10 00:55:00
ubuntucve
ubuntucve
CVE-2013-4271
2013-10-10 00:00:00
CVE-2013-4221
2013-10-10 00:00:00
osv
osv
Restlet Arbitrary Java Code Execution via a serialized object
2022-05-17 03:28:57
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
2022-05-17 03:28:12
veracode
veracode
Arbitrary Code Execution
2019-07-12 06:19:18
Arbitrary Code Execution
2019-07-12 06:19:18
redhat
redhat
(RHSA-2013:1410) Important: Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4
2013-10-07 00:00:00
github
github
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
2022-05-17 03:28:12
avleonov
avleonov
CWEs in NVD CVE feed: analysis and complaints
2017-10-21 14:10:30
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.1%
Related for GHSA-F3MV-G3XR-FP7W