Vulnerability	Vulnerable Version
M Deserialization of Untrusted Data Affected versions of this package are vulnerable to Deserialization of Untrusted Data in `StreamUtils` class. An authorized attacker could construct malicious serialized objects (usually called gadgets) and use this flaw to achieve code execution on the server. How to fix Deserialization of Untrusted Data? Upgrade `org.drools:drools-compiler` to version 7.69.0.Final or higher.	[,7.69.0.Final)
M XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improper usage of the `Validator` class in `KieModuleMarshaller.java`. How to fix XML External Entity (XXE) Injection? Upgrade `org.drools:drools-compiler` to version 7.60.0.Final or higher.	[,7.60.0.Final)

Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in StreamUtils class. An authorized attacker could construct malicious serialized objects (usually called gadgets) and use this flaw to achieve code execution on the server.

How to fix Deserialization of Untrusted Data?

Upgrade org.drools:drools-compiler to version 7.69.0.Final or higher.

[,7.69.0.Final)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improper usage of the Validator class in KieModuleMarshaller.java.

How to fix XML External Entity (XXE) Injection?

Upgrade org.drools:drools-compiler to version 7.60.0.Final or higher.

[,7.60.0.Final)

Go back to all versions of this package