{"id":"CVE-2021-41411","details":"drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.","aliases":["GHSA-rc57-9r3x-98cq"],"modified":"2026-04-10T04:39:14.214110Z","published":"2022-06-16T10:15:09.007Z","related":["SUSE-SU-2022:3313-1","SUSE-SU-2022:3314-1","SUSE-SU-2022:3750-1","SUSE-SU-2022:3761-1"],"references":[{"type":"FIX","url":"https://github.com/kiegroup/drools/pull/3808"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/droolsjbpm/drools","events":[{"introduced":"0"},{"fixed":"653a47ca6f3c42c0776a028fb1ff1c572bdbc1e8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.6.0"}]}}],"versions":["5.3.0.Beta1","5.5.0.Beta1","6.0.0.Alpha1","6.0.0.Alpha7","6.0.0.Alpha8","6.0.0.Alpha9","6.0.0.Beta1","b4_uf_0.5.x","before_reteoo_removal","summit2016"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41411.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}