Description
Drools versions <= 7.59.x are affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, which results in the XXE injection vulnerability.
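Added example (not code from Drools or from the linked pull request): one way to configure a `javax.xml.validation.Validator` so that validation cannot resolve external DTDs, entities or schemas. It assumes the Validator named in the description is the JAXP one; the class name `ValidatorHardeningExample`, the schema and both sample documents are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class ValidatorHardeningExample {
    // Constructed schema: one <module> root element holding a string.
    static final String XSD =
        "<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">"
      + "<xs:element name=\"module\" type=\"xs:string\"/></xs:schema>";
    // Constructed inputs: a plain document, and one whose DOCTYPE declares
    // an external entity pointing at a placeholder URI.
    static final String PLAIN = "<module>ok</module>";
    static final String WITH_EXTERNAL_ENTITY =
        "<!DOCTYPE module [<!ENTITY ext SYSTEM \"file:///placeholder/none\">]>"
      + "<module>&ext;</module>";

    static Schema loadSchema() throws SAXException {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // The factory parses XML too, so it gets the same restrictions.
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return sf.newSchema(new StreamSource(new StringReader(XSD)));
    }

    static Validator hardenedValidator(Schema schema) throws SAXException {
        Validator v = schema.newValidator();
        // An empty protocol list means no external DTD, entity or schema may be
        // fetched while validating (JAXP 1.5 properties).
        v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return v;
    }

    static boolean accepts(Schema schema, String xml) throws SAXException, IOException {
        try {
            hardenedValidator(schema).validate(new StreamSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {   // raised when external access is refused
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Schema schema = loadSchema();
        System.out.println("plain document accepted: " + accepts(schema, PLAIN));
        System.out.println("external entity accepted: " + accepts(schema, WITH_EXTERNAL_ENTITY));
    }
}
```

The two properties must be set on every `Validator` instance before `validate` is called; setting them only on the `SchemaFactory` protects schema loading but not the documents validated later.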
Remediation
References
https://github.com/kiegroup/drools/pull/3808