CVE-2022-1415

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-1415
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1415.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1415
Aliases
Downstream
Related
Published
2023-09-11T21:15:41.483Z
Modified
2026-04-10T04:42:43.753661Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

References

Affected packages

Git / github.com/droolsjbpm/drools

Affected ranges

Type
GIT
Repo
https://github.com/droolsjbpm/drools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce4d2d0788c09839ca4308e6a0f1506f4608d375
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aeb034cab97c9aea80a84b3e8c7d6e2e541c72e7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce4d2d0788c09839ca4308e6a0f1506f4608d375
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.69.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        }
    ]
}

Affected versions

5.*
5.3.0.Beta1
5.5.0.Beta1
6.*
6.0.0.Alpha1
6.0.0.Alpha7
6.0.0.Alpha8
6.0.0.Alpha9
6.0.0.Beta1
7.*
7.0.0.Final
7.69.0.Final
b4_uf_0.*
b4_uf_0.5.x
Other
before_reteoo_removal
opt201906a
opt201906a_prev
opt201906b
opt201906baseline
summit2016

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1415.json"