cve/CVE-2022-1415.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/cldrn/security-advisories
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/luelueking/Java-CVE-Lists

2.5 KiB Raw Blame History

CVE-2022-1415

Description

POC

Reference

Github

2.5 KiB

Raw Blame History