GHSA-m5q8-58wh-xxq4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m5q8-58wh-xxq4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-m5q8-58wh-xxq4/GHSA-m5q8-58wh-xxq4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m5q8-58wh-xxq4
- Aliases
- Published
- 2023-09-11T21:30:17Z
- Modified
- 2024-05-03T20:34:54.686261Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Drools Core Deserialization of Untrusted Data vulnerability
- Details
-
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
- References
Affected packages
Maven / org.drools:drools-core
Package
- Name
- org.drools:drools-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.drools/drools-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.69.0.Final
Affected versions
5.*
5.0.0.M3
5.0.0.M4
5.0.0.M5
5.0.0.CR1
5.0.1
5.1.0.M1
5.1.0.M2
5.1.0.CR1
5.1.0
5.1.1
5.2.0.M2
5.2.0.CR1
5.2.0.Final
5.2.1.Final
5.3.0.Beta1
5.3.0.CR1
5.3.0.Final
5.3.1.Final
5.3.2.Final
5.3.3.Final
5.3.4.Final
5.3.5.Final
5.4.0.Beta1
5.4.0.Beta2
5.4.0.CR1
5.4.0.Final
5.5.0.Beta1
5.5.0.CR1
5.5.0.Final
5.6.0.CR1
5.6.0.Final
6.*
6.0.0.Alpha4
6.0.0.Alpha5
6.0.0.Alpha6
6.0.0.Alpha7
6.0.0.Alpha9
6.0.0.Beta1
6.0.0.Beta2
6.0.0.Beta3
6.0.0.Beta4
6.0.0.Beta5
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.0.CR4
6.0.0.CR4-Pre1
6.0.0.CR5
6.0.0.Final
6.0.1.Final
6.1.0.Beta1
6.1.0.Beta2
6.1.0.Beta3
6.1.0.Beta4
6.1.0.CR1
6.1.0.CR2
6.1.0.Final
6.2.0.Beta1
6.2.0.Beta2
6.2.0.Beta3
6.2.0.CR1
6.2.0.CR2
6.2.0.CR3
6.2.0.CR4
6.2.0.Final
6.3.0.Beta1
6.3.0.Beta2
6.3.0.CR1
6.3.0.CR2
6.3.0.Final
6.4.0.Beta1
6.4.0.Beta2
6.4.0.CR1
6.4.0.CR2
6.4.0.Final
6.5.0.Beta1
6.5.0.CR1
6.5.0.CR2
6.5.0.Final
7.*
7.0.0.Beta1
7.0.0.Beta2
7.0.0.Beta3
7.0.0.Beta4
7.0.0.Beta5
7.0.0.Beta6
7.0.0.Beta7
7.0.0.Beta8
7.0.0.CR1
7.0.0.CR2
7.0.0.CR3
7.0.0.Final
7.1.0.Beta1
7.1.0.Beta2
7.1.0.Beta3
7.1.0.Final
7.2.0.Final
7.3.0.Final
7.4.0.Final
7.4.1.Final
7.5.0.Final
7.5.0.t018
7.6.0.Final
7.6.0.t022
7.7.0.Final
7.8.0.Final
7.9.0.Final
7.10.0.Final
7.11.0.Final
7.12.0.Final
7.13.0.Final
7.14.0.Final
7.15.0.Final
7.16.0.Final
7.17.0.Final
7.18.0.Final
7.19.0.Final
7.20.0.Final
7.21.0.Final
7.22.0.Final
7.22.0.t042
7.23.0.Final
7.24.0.Final
7.24.0.t043
7.25.0.Final
7.26.0.Final
7.27.0.Final
7.28.0.Final
7.29.0.Final
7.30.0.Final
7.31.0.Final
7.32.0.Final
7.32.0.k20191220
7.32.0.k20191223
7.33.0.Final
7.34.0.Final
7.35.0.Final
7.36.0.Final
7.36.0.20200330
7.36.0.20200331
7.36.1.Final
7.37.0.Final
7.38.0.Final
7.39.0.CR1
7.39.0.Final
7.40.0.Final
7.40.0.20200703
7.41.0.Final
7.41.0.t20200723
7.42.0.Final
7.43.0.Final
7.43.0.t20200824
7.43.1.Final
7.44.0.Final
7.45.0.Final
7.45.0.t20201009
7.45.0.t20201014
7.46.0.Beta1
7.46.0.Final
7.46.0.t20201030
7.47.0.Final
7.48.0.Final
7.49.0.Final
7.49.0.t20210118
7.50.0.Final
7.50.0.t20210209
7.51.0.Final
7.51.0.t20210303
7.52.0.Beta1
7.52.0.Final
7.52.0.t20210322
7.53.0.Final
7.53.1.Final
7.54.0.Beta1
7.54.0.Final
7.55.0.Beta1
7.55.0.Final
7.56.0.Final
7.57.0.Beta1
7.57.0.Final
7.58.0.Beta1
7.58.0.Final
7.59.0.Beta1
7.59.0.Final
7.60.0.Final
7.61.0.Final
7.62.0.Final
7.63.0.Final
7.63.0.t20211129
7.64.0.Final
7.65.0.Final
7.66.0.Final
7.67.0.Final
7.68.0.Final