2 matches found
com.github.pukkaone:odata-elasticsearch2-spring-boot-starter (=1.4.0-0), com.github.pukkaone:odata-web-spring-boot-starter (=1.4.0-0) +32 more potentially affected by CVE-2019-17554 via org.apache.olingo:odata-server-core (>=4.0.0 <=4.6.0)
org.apache.olingo:odata-server-core MAVEN
version =4.0.0, =1.1.0, =1.0.0-RELEASE, =0.31.0, =0.31.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.2.2, =1.2.2, =1.2.9 and more
Source cves: CVE-2019-17554
Source advisory: OSV:GHSA-MGH8-HCWJ-H57V...
XML External Entity (XXE)
odata-server-core is vulnerable to XML external entity (XXE) attacks. Support for external entities is not disabled, which allows remote attackers to inject a malicious XML document to retrieve confidential system files or perform requests on behalf of the server...