CVE-2022-1415: Deserialization of Untrusted Data
(updated )
A flaw was found where some utility classes in Drools core does not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
References
Detect and mitigate CVE-2022-1415 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →