Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability - CVE-2013-4221 - Vulnerability Database
Restlet Framework

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability - CVE-2013-4221

High
Reference: CVE-2013-4221
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4221
Title: Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability
Overview:

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder which allows remote attackers to execute arbitrary Java code via crafted XML.