CVE-2022-1415

MEDIUM6.8EPSS 0.83%

Drools Core Deserialization of Untrusted Data vulnerability

發布日:2023/9/11修改日:2024/5/3

描述

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

受影響套件(1)

Maven/org.drools:drools-corefrom 0, < 7.69.0.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-1415
WEBhttps://access.redhat.com/errata/RHSA-2022:6813
WEBhttps://access.redhat.com/security/cve/CVE-2022-1415
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2065505