Lucene search
GoogleOSV:GHSA-92J2-5R7P-6HJWHistoryMay 17, 2022 - 3:28 a.m.
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
2022-05-1703:28:12
Google
osv.dev
6
0.017 Low
EPSS
Percentile
87.8%
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
References
blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
restlet.org/learn/2.1/changes
rhn.redhat.com/errata/RHSA-2013-1410.html
rhn.redhat.com/errata/RHSA-2013-1862.html
bugzilla.redhat.com/show_bug.cgi?id=995275
github.com/restlet/restlet-framework-java
github.com/restlet/restlet-framework-java/commit/b85c2ef182c69c5e2e21df008ccb249ccf80c7b
github.com/restlet/restlet-framework-java/issues/774
nvd.nist.gov/vuln/detail/CVE-2013-4221
Related
veracode
veracode
Arbitrary Code Execution
2019-07-12 06:19:18
Arbitrary Code Execution
2019-07-12 06:19:18
cvelist
cvelist
CVE-2013-4221
2013-10-10 00:00:00
CVE-2013-4271
2013-10-10 00:00:00
cve
cve
CVE-2013-4221
2013-10-10 00:55:14
CVE-2013-4271
2013-10-10 00:55:14
ubuntucve
ubuntucve
CVE-2013-4221
2013-10-10 00:00:00
CVE-2013-4271
2013-10-10 00:00:00
nvd
nvd
CVE-2013-4221
2013-10-10 00:55:14
CVE-2013-4271
2013-10-10 00:55:14
prion
prion
Default configuration
2013-10-10 00:55:00
Default configuration
2013-10-10 00:55:00
github
github
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
2022-05-17 03:28:12
Restlet Arbitrary Java Code Execution via a serialized object
2022-05-17 03:28:57
osv
osv
Restlet Arbitrary Java Code Execution via a serialized object
2022-05-17 03:28:57
redhat
redhat
(RHSA-2013:1410) Important: Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4
2013-10-07 00:00:00
avleonov
avleonov
CWEs in NVD CVE feed: analysis and complaints
2017-10-21 14:10:30