Org.drools:drools-core
This hub aggregates every CVE we track for Org.drools:drools-core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
HIGH3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting Org.drools:drools-core.
- CVE-2022-1415Drools: unsafe data deserialization in streamutils8.1
- CVE-2021-41411drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.9.8
- CVE-2014-8125XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.7.5
- CVE-2010-3708The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 suppor...7.5
Product normalization is registry-driven with AI assist and human review. How it works