CVE-2013-4271
EPSS 0.49%
Restlet Arbitrary Java Code Execution via a serialized object
Published: 2022/5/17; Modified: 2023/11/8
Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Affected packages (1)
- Maven/org.restlet.jse:org.restlet from 0, < 2.1.4
References (7)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4271
- PATCH https://github.com/restlet/restlet-framework-java
- WEB http://restlet.org/learn/2.1/changes
- WEB http://rhn.redhat.com/errata/RHSA-2013-1410.html
- WEB http://rhn.redhat.com/errata/RHSA-2013-1862.html
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=999735
- WEB https://github.com/restlet/restlet-framework-java/issues/778