org.drools:drools-compiler is vulnerable to deserialization of untrusted data. The vulnerability exists due to lack of serialization in multiple functions in `CompositeKnowledgeBuilderImpl.java` and `KnowledgeBuilderImpl.java`, which allows an attacker to execute arbitrary malicious code on the system.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | drools :: compiler | le | 7.68.0.Final |
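
A dependency check for the affected range listed above, as an added example that is not part of the original advisory: it scans a Maven `pom.xml` for org.drools:drools-compiler, resolves `${...}` properties defined in the same file, and compares the version against the `le 7.68.0.Final` bound. The sample POM is constructed, and comparing only the leading numeric part of the version is a simplifying assumption.

```python
import re
import xml.etree.ElementTree as ET

# Coordinates and upper bound taken from the advisory ("le 7.68.0.Final").
GROUP, ARTIFACT, LAST_AFFECTED = "org.drools", "drools-compiler", "7.68.0.Final"

# Constructed sample input; point find_affected() at your own build files instead.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><drools.version>7.59.0.Final</drools.version></properties>
  <dependencies>
    <dependency><groupId>org.drools</groupId><artifactId>drools-compiler</artifactId>
      <version>${drools.version}</version></dependency>
    <dependency><groupId>org.drools</groupId><artifactId>drools-core</artifactId>
      <version>7.59.0.Final</version></dependency>
  </dependencies>
</project>"""

def local(tag):
    """Strip the XML namespace: '{ns}version' -> 'version'."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def numeric_parts(version):
    """'7.68.0.Final' -> (7, 68, 0). Qualifiers are ignored (assumption)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def find_affected(pom_xml):
    """Return [(version, status)] for every drools-compiler declaration in the POM."""
    root = ET.fromstring(pom_xml)
    props = {local(p.tag): (p.text or "").strip()
             for e in root.iter() if local(e.tag) == "properties" for p in e}
    findings = []
    for dep in (e for e in root.iter() if local(e.tag) == "dependency"):
        if (child_text(dep, "groupId"), child_text(dep, "artifactId")) != (GROUP, ARTIFACT):
            continue
        raw = child_text(dep, "version") or ""
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        parts = numeric_parts(version)
        if parts is None:  # version inherited from a parent/BOM or property not resolvable here
            findings.append((version or "(inherited)", "unknown"))
        else:
            in_range = parts <= numeric_parts(LAST_AFFECTED)
            findings.append((version, "affected" if in_range else "outside listed range"))
    return findings

if __name__ == "__main__":
    for version, status in find_affected(SAMPLE_POM):
        print(f"{GROUP}:{ARTIFACT}:{version} -> {status}")
```

An `unknown` result means the version is set outside the file (parent POM or BOM), so the resolved dependency tree has to be checked instead.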