bind:CVE-2019-17556

Count: 2

NVD

CVE-2019-17556

about 6 years ago

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worst case.

CVSS3: 9.8
EPSS: Low

GitHub

GHSA-gj76-429m-56wc

about 6 years ago

Deserialization of Untrusted Data in Apache Olingo

CVSS3: 9.8
EPSS: Low

| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| CVE-2019-17556 (NVD): Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worst case. | CVSS3: 9.8 | 1% (Low) | about 6 years ago |
| GHSA-gj76-429m-56wc (GitHub): Deserialization of Untrusted Data in Apache Olingo | CVSS3: 9.8 | 1% (Low) | about 6 years ago |