Maven package
org.apache.olingo/odata-client-proxy
pkg:maven/org.apache.olingo/odata-client-proxy
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17556 | — | >= 4.0.0, < 4.7.0 | 4.7.0 | Dec 4, 2019 | Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse c |
- CVE-2019-17556Dec 4, 2019affected >= 4.0.0, < 4.7.0fixed 4.7.0
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse c