CVE-2013-4221 – org.restlet.jse:org.restlet
Package
Manager: maven
Name: org.restlet.jse:org.restlet
Vulnerable Version: >=0 <2.1.4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.01452 (percentile: 0.80053)
Details
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML.
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Metadata
Created: 2022-05-17T03:28:12Z
Modified: 2024-03-05T17:30:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92j2-5r7p-6hjw/GHSA-92j2-5r7p-6hjw.json
CWE IDs: ["CWE-91"]
Alternative ID: GHSA-92j2-5r7p-6hjw
Finding: F083
Auto approve: 1