CVE-2022-1415

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1415
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1415.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1415
Aliases
Related
Published
2023-09-11T21:15:41Z
Modified
2024-09-02T21:36:41Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

References

Affected packages

Git / github.com/droolsjbpm/drools

Affected ranges

Type
GIT
Repo
https://github.com/droolsjbpm/drools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected