CVE-2022-1415 – Drools: unsafe data deserialization in streamutils

https://notcve.org/view.php?id=CVE-2022-1415

11 Sep 2023 — A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. Se encontró una falla en la que algunas clases de utilidad en el núcleo de Drools no usaban las medidas de seguridad adecuadas al deserializar datos. Esta falla permite a un atacante autenticado construir objetos serializados maliciosos (generalm... • https://access.redhat.com/errata/RHSA-2022:6813 • CWE-502: Deserialization of Untrusted Data •