Description
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
An XML external entity (XXE) injection flaw was found in the KieModuleMarshaller.java module of drools-compiler. This issue may lead to the disclosure of sensitive information.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Process Automation 7 | business-central.war | Not affected | | |
| Red Hat Process Automation 7 | kie-server.war | Not affected | | |
Additional information
Status:
Important
Defect:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=2249147 drools-compiler: XML External Entity vulnerability in KieModuleMarshaller.java
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 9.8
nvd
more than 3 years ago
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.