XML External Entity (XXE) Vulnerability in Drools KieModuleMarshaller.java
CVE-2021-41411 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
Learn more about our External Network Penetration Testing.