CyberSec.Space Logo
Back to CVE Browser

CVE-2013-4521

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile40.78th
PublishedFeb 6, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

Affected Platforms (CPE)

πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.6.0
πŸ“¦
Nuxeo

Nuxeo

= 5.8.0

References & Advisories

πŸ”— http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1027052
πŸ”— https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec
πŸ”— http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1027052
πŸ”— https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec

Related Vulnerabilities

CVE-2017-58698.8

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated ...

CVE-2021-328285.4

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oau...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...