CVE-2013-4221

Name of the Vulnerable Software and Affected Versions Restlet versions prior to 2.1.4

Description The default configuration of the ObjectRepresentation class deserializes objects from untrusted sources using the Java XMLDecoder, allowing remote attackers to execute arbitrary Java code via crafted XML.

Recommendations For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider disabling the deserialization of objects from untrusted sources using the Java XMLDecoder until a patch is available.