PT-2019-15204 · Apache · Apache Olingo

Archibald Haddock · Published 2019-12-04 · Updated 2020-02-04 · CVE-2019-17554

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the vulnerable software and affected versions: Apache Olingo versions 4.0.0 through 4.6.0
Description: The XML content type entity deserializer is not configured to prevent the resolution of external entities. An attacker who can submit a request with the "application/xml" content type can include a DOCTYPE that declares an external entity in the entity body; when the deserializer parses that body it resolves the entity, which enables XXE (XML External Entity) attacks such as reading local files into the parsed entity and returning them in the response.
Recommendations: Upgrade to Apache Olingo 4.7.0 or later, where the XML deserializer no longer resolves external entities. If an upgrade is not immediately possible, stop accepting the "application/xml" content type (serve and accept JSON only) or reject request bodies that contain a DOCTYPE declaration before they reach the deserializer.
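The following is an added illustration, not Apache Olingo's own code: a minimal StAX-based property reader, in the style of an OData Atom entity deserializer, built once with the JDK's default XMLInputFactory (the vulnerable pattern the advisory describes) and once with a hardened factory. The Atom/OData payload, the element name Description and the target file path are constructed for the example; the class and method names are hypothetical.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;

public class OlingoXxeDemo {

    // Constructed sample request body: an OData Atom entry (application/xml) whose
    // d:Description property value is an external entity reference. The DOCTYPE points
    // the entity at a local file, the classic XXE file-disclosure shape.
    static final String PAYLOAD =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE entry [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n"
      + "<entry xmlns=\"http://www.w3.org/2005/Atom\"\n"
      + "       xmlns:m=\"http://docs.oasis-open.org/odata/ns/metadata\"\n"
      + "       xmlns:d=\"http://docs.oasis-open.org/odata/ns/data\">\n"
      + "  <content type=\"application/xml\">\n"
      + "    <m:properties><d:Description>&xxe;</d:Description></m:properties>\n"
      + "  </content>\n"
      + "</entry>";

    /** Default JDK StAX factory: DTD processing and external entity resolution are on
     *  by default, so the entity is fetched and substituted into the property value. */
    static XMLInputFactory weakFactory() {
        return XMLInputFactory.newInstance();
    }

    /** Hardened factory: no DTD processing and no external entity resolution.
     *  This is the class of change that removes the XXE exposure. */
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    /** Reads the text of the first Description element, as a property deserializer would. */
    static String readDescription(XMLInputFactory factory, String xml) throws XMLStreamException {
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.START_ELEMENT
                        && "Description".equals(r.getLocalName())) {
                    return r.getElementText();
                }
            }
            return null;
        } finally {
            r.close();
        }
    }

    public static void main(String[] args) {
        try {
            // With the default factory the returned value is the content of /etc/hostname:
            // the file has been read into the entity and would be echoed back to the caller.
            System.out.println("weak     : " + readDescription(weakFactory(), PAYLOAD));
        } catch (XMLStreamException e) {
            System.out.println("weak     : parse failed: " + e.getMessage());
        }
        try {
            System.out.println("hardened : " + readDescription(hardenedFactory(), PAYLOAD));
        } catch (XMLStreamException e) {
            // With DTD support off the DOCTYPE/entity reference is rejected by the parser,
            // so the request fails before any file is touched.
            System.out.println("hardened : rejected: " + e.getMessage());
        }
    }
}
```

Run it as `javac OlingoXxeDemo.java && java OlingoXxeDemo` on a system where /etc/hostname exists; the weak path prints the file's contents as the property value, the hardened path reports a parse error. The same two factory properties are the check to apply to any StAX parser that reads untrusted XML: review every `XMLInputFactory.newInstance()` in the code base and confirm both properties are set before the reader is created.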

Tags: Exploit · Fix · XXE


Weakness Enumeration

Related identifiers

CVE-2019-17554
GHSA-MGH8-HCWJ-H57V

Affected products

Apache Olingo