{"id":"CVE-2021-41411","details":"drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.","aliases":["GHSA-rc57-9r3x-98cq"],"modified":"2026-05-18T22:59:02.536502Z","published":"2022-06-16T10:15:09.007Z","related":["SUSE-SU-2022:3313-1","SUSE-SU-2022:3314-1","SUSE-SU-2022:3750-1","SUSE-SU-2022:3761-1"],"references":[{"type":"FIX","url":"https://github.com/kiegroup/drools/pull/3808"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/incubator-kie-drools","events":[{"introduced":"0"},{"fixed":"653a47ca6f3c42c0776a028fb1ff1c572bdbc1e8"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"7.6.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:redhat:drools:*:*:*:*:*:*:*:*"}}],"versions":["before_reteoo_removal","summit2016","b4_uf_0.5.x","6.0.0.Beta1","6.0.0.Alpha9","6.0.0.Alpha8","6.0.0.Alpha7","6.0.0.Alpha1","5.5.0.Beta1","5.3.0.Beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41411.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}