Description
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Remediation
References
https://access.redhat.com/errata/RHSA-2022:6813
https://access.redhat.com/security/cve/CVE-2022-1415
https://bugzilla.redhat.com/show_bug.cgi?id=2065505
Related Vulnerabilities
CVE-2021-36774 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2018-1000149 Vulnerability in maven package org.jenkins-ci.plugins:ansible
CVE-2017-16061 Vulnerability in npm package tkinter
CVE-2012-0392 Vulnerability in maven package com.opensymphony:xwork-core
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webmvc