Description
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
Remediation
References
https://github.com/kiegroup/drools/pull/3808
Related Vulnerabilities
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-image
CVE-2023-40314 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2022-41957 Vulnerability in npm package hummus
CVE-2021-33502 Vulnerability in npm package normalize-url
CVE-2022-37724 Vulnerability in maven package wonder.utilities:utilities