PT-2013-4929 · Restlet · Restlet

David Jorm · Published 2013-10-10 · Updated 2022-05-17 · CVE-2013-4271

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Restlet versions prior to 2.1.4

Description: The default configuration of the ObjectRepresentation class in Restlet deserializes objects from untrusted sources. This allows remote attackers to execute arbitrary Java code via a serialized object.

Recommendations: For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the deserialization of objects from untrusted sources to minimize the risk of exploitation.
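The workaround above, "restricting the deserialization of objects from untrusted sources", is commonly implemented in Java with a look-ahead ObjectInputStream that checks every class name against an allowlist before any object is instantiated. The following is an added example written for this page; it is not Restlet's code and does not use the Restlet API. The class names `AllowlistDeserializer`, `RestrictedObjectInputStream` and `Greeting` are hypothetical, and the allowlist contents are an assumption standing in for an application's own data types.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class AllowlistDeserializer {

    // Hypothetical allowlist (assumption): only the application's own DTO may be restored.
    // Binary name of a static nested class is Outer$Inner.
    private static final Set<String> ALLOWED = Set.of("AllowlistDeserializer$Greeting");

    // Constructed sample payload type; stands in for an application's real data class.
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String text;
        public Greeting(String text) { this.text = text; }
    }

    // Look-ahead stream: resolveClass runs on each class descriptor as it is read,
    // before the object is constructed, so a disallowed type is rejected early.
    static final class RestrictedObjectInputStream extends ObjectInputStream {
        RestrictedObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException("Rejected deserialization of " + desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    // Helper used only to build sample input in memory.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with the allowlist enforced; throws InvalidClassException for other types.
    static Object deserializeRestricted(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new RestrictedObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input 1: an allowed type, accepted.
        byte[] allowed = serialize(new Greeting("hello"));
        Greeting g = (Greeting) deserializeRestricted(allowed);
        System.out.println("accepted: " + g.text);

        // Constructed input 2: a JDK collection not on the allowlist, rejected before instantiation.
        byte[] notAllowed = serialize(new ArrayList<>(List.of("x")));
        try {
            deserializeRestricted(notAllowed);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On JDK 9 and later the same policy can be expressed with the standard `java.io.ObjectInputFilter` (JEP 290) instead of subclassing ObjectInputStream; either way, the defensive property is the same: the set of classes that can be instantiated from an untrusted stream is closed, so an arbitrary serialized object cannot select a class of the sender's choosing.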

Fix

RCE

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

CVE-2013-4271
GHSA-F3MV-G3XR-FP7W

Affected Products

Restlet