CVE-2013-4271
Restlet < 2.1.4 - Remote Code Execution via Untrusted Object Deserialization
Title source: llmDescription
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1862.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/restlet/restlet-framework-java/issues/778
Vendor Advisory x_refsource_confirm
http://restlet.org/learn/2.1/changes
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=999735
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1410.html
Scores
EPSS
0.0283
EPSS Percentile
84.9%
Details
CWE
CWE-502
Status
published
Products (6)
org.restlet.jse/org.restlet
0 - 2.1.4Maven
restlet/restlet
2.1 milestone1 (12 CPE variants)
restlet/restlet
2.1.0
restlet/restlet
2.1.1
restlet/restlet
2.1.2
restlet/restlet
< 2.1.3
Published
Oct 10, 2013
Tracked Since
Feb 18, 2026