Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Drools
(Redhat)| Repositories | https://github.com/droolsjbpm/drools |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-16 | CVE-2021-41411 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | Drools | 9.8 | ||
| 2015-04-21 | CVE-2014-8125 | XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. | Drools, Jbpm | N/A |