Improper Input Validation in Drools and jBPM
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
Advisories for Maven/Org.jbpm/Jbpm-Bpmn2 package
2022