Unrated severityNVD Advisory· Published Feb 6, 2020· Updated Aug 6, 2024
CVE-2013-4521
CVE-2013-4521
Description
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Nuxeo/Nuxeo Platformv5Range: 5.6.0 before HF27
Patches
Vulnerability mechanics
References
3- doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixesmitrex_refsource_CONFIRM
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aecmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.