Security
Headlines

Headlines Latest CVEs

Headline

GHSA-m5q8-58wh-xxq4: Drools Core Deserialization of Untrusted Data vulnerability

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

1 year ago

#vulnerability #git #auth

Drools Core Deserialization of Untrusted Data vulnerability

Moderate severity GitHub Reviewed Published Sep 11, 2023 to the GitHub Advisory Database • Updated Sep 12, 2023

Related news

CVE-2022-1415: Invalid Bug ID

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

1 year ago

ghsa: Latest News

GHSA-mm6v-68qp-f9fw: Crayfish allows Remote Code Execution via Homarus Authorization header

8 hours ago

GHSA-c873-wfhp-wx5m: SP1 has missing verifier checks and fiat-shamir observations

8 hours ago

GHSA-7pq6-v88g-wf3w: Sentry's improper authentication on SAML SSO process allows user impersonation

8 hours ago

GHSA-2c6g-pfx3-w7h8: Insecure Temporary File in RESTEasy

11 hours ago

GHSA-5m7j-6gc4-ff5g: Mattermost fails to properly validate post props

11 hours ago