Количество 2
Количество 2
CVE-2019-17554
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
GHSA-mgh8-hcwj-h57v
Improper Restriction of XML External Entity Reference in Apache Olingo
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-17554 The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks. | CVSS3: 5.5 | 53% Средний | около 6 лет назад |
| GHSA-mgh8-hcwj-h57v Improper Restriction of XML External Entity Reference in Apache Olingo | CVSS3: 5.5 | 53% Средний | около 6 лет назад |
Уязвимостей на страницу