CVE-2022-1415

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1415

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1415.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1415

Aliases

GHSA-m5q8-58wh-xxq4

Related

Published

2023-09-11T21:15:41Z

Modified

2024-09-02T21:36:41Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

References

Affected packages

Git / github.com/droolsjbpm/drools

Affected ranges

Type: GIT
Repo: https://github.com/droolsjbpm/drools
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

aeb034cab97c9aea80a84b3e8c7d6e2e541c72e7

Last affected

ce4d2d0788c09839ca4308e6a0f1506f4608d375