org.drools:drools-core
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.drools:drools-core
- CVE-2010-3708 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 4.0.7 | 2010-12-30
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which all…
- CVE-2014-8125 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 6.2.0.Final | 2015-04-21
vulnerable: 5.0.0.CR1 ... 6.2.0.CR4 (63 versions)
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
- CVE-2021-41411 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 7.60.0.Final | 2022-06-16
vulnerable: 5.0.0.CR1 ... 7.9.0.Final (182 versions)
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
- CVE-2022-1415 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 7.69.0.Final | 2023-09-11
vulnerable: 5.0.0.CR1 ... 7.9.0.Final (192 versions)
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve cod…