CVE-2022-1415

Deserialization of Untrusted Data in maven/org.drools/drools

Identifiers

CVE-2022-1415

Package Slug

maven/org.drools/drools

Vulnerability

Deserialization of Untrusted Data

Description

A flaw was found where some utility classes in Drools core do not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

Affected Versions

Version 7.69.0

Solution

Upgrade to version 7.70.0.Final or above.

Last Modified

2023-09-15
