A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Metrics
Affected Vendors & Products
References
History
Wed, 25 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-11T20:20:23.745Z
Updated: 2024-09-25T19:54:35.795Z
Reserved: 2022-04-20T12:43:39.822Z
Link: CVE-2022-1415
Vulnrichment
Updated: 2024-08-03T00:03:05.986Z
NVD
Status : Modified
Published: 2023-09-11T21:15:41.483
Modified: 2024-11-21T06:40:41.140
Link: CVE-2022-1415
Redhat