VYPR
Unrated severityNVD Advisory· Published Feb 6, 2020· Updated Aug 6, 2024

CVE-2013-4521

CVE-2013-4521

Description

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nuxeo/Nuxeollm-fuzzy
    Range: 5.6.0 before HF27; 5.8.0 before HF-01
  • Nuxeo/Nuxeo Platformv5
    Range: 5.6.0 before HF27

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.