CVE-2013-4271
EPSS 0.49%
Restlet Arbitrary Java Code Execution via a serialized object
Published: 5/17/2022
Modified: 11/8/2023
Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Affected packages (1)
- Maven / org.restlet.jse:org.restlet, from 0, < 2.1.4
References (7)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4271
- PATCH https://github.com/restlet/restlet-framework-java
- WEB http://restlet.org/learn/2.1/changes
- WEB http://rhn.redhat.com/errata/RHSA-2013-1410.html
- WEB http://rhn.redhat.com/errata/RHSA-2013-1862.html
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=999735
- WEB https://github.com/restlet/restlet-framework-java/issues/778