CVE-2021-41411

XML External Entity Reference in drools in maven/org.drools/drools-core

Identifiers

GHSA-rc57-9r3x-98cq, CVE-2021-41411

Package Slug

maven/org.drools/drools-core

Vulnerability

XML External Entity Reference in drools

Description

drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.

Affected Versions

All versions up to 7.59.0.final

Solution

Upgrade to version 7.60.0.Final or above.

Last Modified

2022-06-19

source