Description
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Remediation
References
https://access.redhat.com/errata/RHSA-2022:6813
https://access.redhat.com/security/cve/CVE-2022-1415
https://bugzilla.redhat.com/show_bug.cgi?id=2065505
Related Vulnerabilities
CVE-2021-21172 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-50765 Vulnerability in maven package org.jenkins-ci.plugins:scriptler
CVE-2020-6461 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-21160 Vulnerability in npm package electron
CVE-2016-6816 Vulnerability in maven package org.apache.tomcat:tomcat-coyote