XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
{ "nvd_published_at": "2015-04-21T17:59:00Z", "github_reviewed_at": "2022-07-06T21:03:48Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }