High severity · NVD Advisory · Published Oct 10, 2013 · Updated Jun 16, 2026
CVE-2013-4221
Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.restlet.jse:org.restlet (Maven) | < 2.1.4 | 2.1.4 |
Affected products
- cpe:2.3:a:restlet:restlet:*:*:*:*:*:*:*:* (range: <=2.1.3)
- cpe:2.3:a:restlet:restlet:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone1:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone2:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone3:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone4:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone5:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone6:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc6:*:*:*:*:*:*
References
- github.com/restlet/restlet-framework-java/issues/774 (source: NVD; tags: Issue Tracking, Patch; type: WEB)
- blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html (source: NVD; tags: Third Party Advisory; type: WEB)
- restlet.org/learn/2.1/changes (source: NVD; tags: Release Notes, Vendor Advisory; type: WEB)
- rhn.redhat.com/errata/RHSA-2013-1410.html (source: NVD; tags: Third Party Advisory; type: WEB)
- rhn.redhat.com/errata/RHSA-2013-1862.html (source: NVD; tags: Third Party Advisory; type: WEB)
- bugzilla.redhat.com/show_bug.cgi (source: NVD; tags: Issue Tracking, Third Party Advisory; type: WEB)
- github.com/advisories/GHSA-92j2-5r7p-6hjw (source: GHSA; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-4221 (source: GHSA; type: ADVISORY)
- github.com/restlet/restlet-framework-java/commit/b85c2ef182c69c5e2e21df008ccb249ccf80c7b (source: GHSA; type: WEB)