Lucene search
Veracode Vulnerability DatabaseVERACODE:37837HistoryNov 08, 2022 - 5:37 a.m.
Deserialization Of Untrusted Data
2022-11-0805:37:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
73
deserialization
untrusted data
vulnerability
drools-compiler
arbitrary code execution
compositeknowledgebuilderimpl.java
knowledgebuilderimpl.java
security
0.001 Low
EPSS
Percentile
26.3%
org.drools:drools-compiler is vulnerable to deserialization of untrusted data. The vulnerability exists due to lack of serialization in multiple functions in CompositeKnowledgeBuilderImpl.java and KnowledgeBuilderImpl.java which allows an attacker to execute arbitrary malicious code on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drools :: compiler | le | 7.68.0.Final | |
| drools :: compiler | le | 7.68.0.Final |
Related
osv
osv
Drools Core Deserialization of Untrusted Data vulnerability
2023-09-11 21:30:17
CVE-2022-1415
2023-09-11 21:15:41
prion
prion
Design/Logic Flaw
2023-09-11 21:15:00
nvd
nvd
CVE-2022-1415
2023-09-11 21:15:41
cvelist
cvelist
CVE-2022-1415 Drools: unsafe data deserialization in streamutils
2023-09-11 20:20:23
github
github
Drools Core Deserialization of Untrusted Data vulnerability
2023-09-11 21:30:17
redhatcve
redhatcve
CVE-2022-1415
2022-10-29 00:16:47
cve
cve
CVE-2022-1415
2023-09-11 21:15:41
ibm
ibm
redhat
redhat