Maven package
org.apache.olingo/odata-server-core
pkg:maven/org.apache.olingo/odata-server-core
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17554 | — | | | >= 4.0.0, < 4.7.0 | 4.7.0 | Dec 4, 2019 | The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks. |