
4 matches found

Cvelist
added 2023/09/11 8:20 p.m., 29 views

CVE-2022-1415 Drools: unsafe data deserialization in streamutils

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects, usually called gadgets, and achieve code execution on the server...

CVSS 8.1, AI score 8.9, EPSS 0.01002
Exploits: 0, References: 3
CNVD
added 2021/09/14 12:0 a.m., 14 views

Apache Any23 Code Injection Vulnerability

Anything To Triples (any23) is an application from the Apache USA Foundation: a library, a web service, and a command line tool for extracting structured data in RDF format from various web documents. Apache Any23 suffers from a code injection vulnerability that stems from an XML External Entity XX...

CVSS 9.1, AI score 9.5, EPSS 0.00951
Exploits: 0, References: 1
OSV
added 2021/09/13 8:6 p.m., 11 views

GHSA-838R-HVWH-24H8 XML Injection in Any23

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of...

CVSS 9.1, AI score 9.2, EPSS 0.00951
Exploits: 0, References: 3
OSV
added 2021/09/11 11:15 a.m., 10 views

CVE-2021-38555

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of...

CVSS 9.1, AI score 9.2
Exploits: 0, References: 1