VYPR

Restlet

by Restlet

CVEs (5)

  • CVE-2017-14868 | High | Nov 30, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.

  • CVE-2017-14949 | High | Nov 30, 2017
    risk 0.42 | cvss 7.5 | epss 0.02

    Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to…

  • CVE-2012-2656 | Dec 18, 2019
    risk 0.00 | cvss | epss 0.02

    An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.

  • CVE-2013-4271 | Oct 10, 2013
    risk 0.00 | cvss | epss 0.03

    The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

  • CVE-2013-4221 | Oct 10, 2013
    risk 0.00 | cvss | epss 0.03

    The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.