CVE-2022-1415

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/org.drools/drools-core

Identifiers

GHSA-m5q8-58wh-xxq4, CVE-2022-1415

Package Slug

maven/org.drools/drools-core

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

A flaw was found in which some utility classes in Drools core do not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

Affected Versions

All versions before 7.69.0.Final

Solution

Upgrade to version 7.69.0.Final or above.

Last Modified

2023-09-13
