CVE-2013-4221

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

La configuración por defecto de la clase ObjectRepresentation en Restlet anterior a la versión 2.1.4 deserializa objetos desde fuentes no confiables usando Java XMLDecoder, lo que permite a atacantes remotos ejecutar código Java arbitrario a través de XML manipulado.