Moderate severityNVD Advisory· Published Oct 6, 2014· Updated May 6, 2026
CVE-2014-1868
CVE-2014-1868
Description
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.restlet.jse:org.restletMaven | >= 2.1.0, < 2.1.7 | 2.1.7 |
Affected products
13cpe:2.3:a:restlet:restlet_framework:*:milestone6:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:restlet:restlet_framework:*:milestone6:*:*:*:*:*:*range: <=2.2
- cpe:2.3:a:restlet:restlet_framework:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.2:milestone1:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.2:milestone2:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.2:milestone3:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.2:milestone4:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.2:milestone5:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet_framework:2.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.