CVE-2019-17556
N/A
N/A
Summary
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache | Olingo | 4.0.0 to 4.6.0 | affected |
Weaknesses
- Deserialization vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.