Description

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Remediation

References

http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html

http://restlet.org/learn/2.1/changes

http://rhn.redhat.com/errata/RHSA-2013-1410.html

http://rhn.redhat.com/errata/RHSA-2013-1862.html

https://bugzilla.redhat.com/show_bug.cgi?id=995275

https://github.com/restlet/restlet-framework-java/issues/774

Related Vulnerabilities

CVE-2022-39387 Vulnerability in maven package org.xwiki.contrib.oidc:oidc-authenticator

CVE-2016-3720 Vulnerability in maven package com.fasterxml.jackson.dataformat:jackson-dataformat-xml

CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger

CVE-2018-18854 Vulnerability in maven package io.spray:spray-json_2.10

CVE-2020-15262 Vulnerability in npm package webpack-subresource-integrity

Severity

Critical

Classification

CWE-16

Tags

Third Party Advisory Release Notes Vendor Advisory Issue Tracking Patch