org.restlet.jse:org.restlet
Maven4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.restlet.jse:org.restletpage 1 of 1
- CVE-2013-4221NONECVSS 0.0EG 0.0✓ Fixed in 2.1.42013-10-10
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
- CVE-2013-4271NONECVSS 0.0EG 0.0✓ Fixed in 2.1.42013-10-10
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerabilit…
- CVE-2014-1868NONECVSS 0.0EG 0.0✓ Fixed in 2.1.72014-10-06
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
- CVE-2017-14949HIGHCVSS 7.5EG 7.5✓ Fixed in 2.3.122017-11-30
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly consid…
Check whether org.restlet.jse:org.restlet is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.restlet.jse:org.restlet CVEs against the assets you own.
Start Free Scan →