2 matches found
com.genexus:gxodata (>=2.6.2 <=2.7.30), com.github.axway-api-management-plus.apim-cli:apimcli-apim-adapter (>=1.14.4 <=1.14.13) +44 more potentially affected by CVE-2019-17555 via org.apache.olingo:odata-client-core (>=4.0.0 <=4.6.0)
org.apache.olingo:odata-client-core MAVEN version =4.0.0, =2.6.2, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =0.1.14, =1.0.0-RELEASE, =1.0.0-RELEASE, =4.26.0, =5.2.0 and more Source cves: CVE-2019-17555 Source advisory: OSV...
CVE-2019-17555
CVE-2019-17555 affects Apache Olingo 4.0.0–4.6.0. The AsyncResponseWrapperImpl reads the Retry-After header and passes it directly to Thread.sleep() without validation. A malicious server could supply a huge value, enabling a denial-of-service (DoS) via blocking sleep duration. Public records (RH...