XML External Entity (XXE) Vulnerability in Drools KieModuleMarshaller.java

XML External Entity (XXE) Vulnerability in Drools KieModuleMarshaller.java

CVE-2021-41411 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.

Learn more about our External Network Penetration Testing.