3 matches found
Apache Olingo OData XML External Entity Injection (CVE-2019-17554)
An XML external entity injection vulnerability exists in Apache Olingo OData. The vulnerability is due to a failure to properly handle external entity references in XML files. A successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Apache Olingo OData 4.0 - XML External Entity Injection
Apache Olingo OData 4.0 - XML External Entity Injection COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High...
CVE-2019-17554
The CVE-2019-17554 issue affects the Apache Olingo OData library (versions 4.0.0–4.6.0). The root cause is that the XML content-type entity deserializer is not configured to deny resolution of external entities, allowing an incoming request with content type application/xml to trigger the deseria...