CVE-2013-4271: Deserialization of Untrusted Data

May 17, 2022 (updated August 29, 2023)

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

References

restlet.org/learn/2.1/changes
rhn.redhat.com/errata/RHSA-2013-1410.html
rhn.redhat.com/errata/RHSA-2013-1862.html
bugzilla.redhat.com/show_bug.cgi?id=999735
github.com/advisories/GHSA-f3mv-g3xr-fp7w
github.com/restlet/restlet-framework-java/issues/778
nvd.nist.gov/vuln/detail/CVE-2013-4271

Code Behaviors & Features

Detect and mitigate CVE-2013-4271 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →