4 matches found
com.genexus:gxodata (>=2.6.2 <=2.7.30), com.github.axway-api-management-plus.apim-cli:apimcli-apim-adapter (>=1.14.4 <=1.14.13) +44 more potentially affected by CVE-2020-1925 via org.apache.olingo:odata-client-core (>=4.0.0 <=4.7.0)
org.apache.olingo:odata-client-core MAVEN version =4.0.0, =2.6.2, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =0.1.14, =1.0.0-RELEASE, =1.0.0-RELEASE, =4.26.0, =5.2.0 and more Source cves: CVE-2020-1925 Source advisory: OSV:G...
com.genexus:gxodata (>=2.6.2 <=2.7.30), com.github.axway-api-management-plus.apim-cli:apimcli-apim-adapter (>=1.14.4 <=1.14.13) +44 more potentially affected by CVE-2019-17554 via org.apache.olingo:odata-client-core (>=4.0.0 <=4.6.0)
org.apache.olingo:odata-client-core MAVEN version =4.0.0, =2.6.2, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =0.1.14, =1.0.0-RELEASE, =1.0.0-RELEASE, =4.26.0, =5.2.0 and more Source cves: CVE-2019-17554 Source advisory: OSV...
com.genexus:gxodata (>=2.6.2 <=2.7.30), com.github.axway-api-management-plus.apim-cli:apimcli-apim-adapter (>=1.14.4 <=1.14.13) +44 more potentially affected by CVE-2019-17555 via org.apache.olingo:odata-client-core (>=4.0.0 <=4.6.0)
org.apache.olingo:odata-client-core MAVEN version =4.0.0, =2.6.2, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =1.14.4, =0.1.14, =1.0.0-RELEASE, =1.0.0-RELEASE, =4.26.0, =5.2.0 and more Source cves: CVE-2019-17555 Source advisory: OSV...
Server-Side Request Forgery
odata-client-core is vulnerable to cross-site request forgery (CSRF). The AsyncRequestWrapperImpl class reads a URL from the Location header and sends a GET/DELETE request to the URL without verifying the authenticity of the request. This allows a remote attacker to trick a user into visiting a...