PT-2019-15206 · Apache · Apache Olingo

Artem Smotrakov · Published 2019-12-04 · Updated 2020-02-04 · CVE-2019-17556

CVSS v2.0

10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Apache Olingo versions 4.0.0 through 4.6.0

Description

The issue concerns the AbstractService class in Apache Olingo, which uses ObjectInputStream without checking the classes being deserialized. This could allow an attacker to execute malicious code if they can provide malicious metadata to the class.

Recommendations

For Apache Olingo versions 4.0.0 through 4.6.0, consider restricting access to the AbstractService class until a patch is available. As a temporary workaround, avoid using the ObjectInputStream functionality in the AbstractService class to minimize the risk of exploitation.
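The defect named above, an ObjectInputStream that resolves whatever classes the stream names, next to the standard mitigation of allowlisting the expected class with a deserialization filter. This is an added illustration, not Olingo's code: the Metadata type, the class name MetadataDeserializationDemo and the serialized bytes are constructed for the example, and the filter API requires Java 9 or later.

```java
import java.io.*;
import java.util.ArrayList;

public class MetadataDeserializationDemo {
    // Constructed stand-in for the metadata object a service expects; not an Olingo type.
    static final class Metadata implements Serializable {
        private static final long serialVersionUID = 1L;
        final String serviceName;
        Metadata(String serviceName) { this.serviceName = serviceName; }
    }
    // Vulnerable pattern named in the advisory: every class found in the stream is
    // resolved and instantiated, so whoever supplies the bytes chooses what code runs.
    static Object readUnchecked(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }
    // Hardened pattern: a JEP 290 ObjectInputFilter (Java 9+) allowlists the one expected
    // class and rejects any other class before its code can run.
    static Object readAllowlisted(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter onlyMetadata = info -> {
            Class<?> c = info.serialClass();
            if (c == null) return ObjectInputFilter.Status.UNDECIDED; // depth/size callbacks carry no class
            return (c == Metadata.class || c == String.class)
                    ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(onlyMetadata);
            return in.readObject();
        }
    }
    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Metadata("odata-service"));
        byte[] other = serialize(new ArrayList<String>());   // any class the service did not ask for
        System.out.println("filtered, expected type: " + ((Metadata) readAllowlisted(expected)).serviceName);
        System.out.println("unchecked, other type:   " + readUnchecked(other).getClass().getName());
        try {
            readAllowlisted(other);
        } catch (InvalidClassException e) {
            System.out.println("filtered, other type:    rejected (" + e.getMessage() + ")");
        }
    }
}
```

The unchecked reader happily instantiates the ArrayList it was never meant to receive, while the filtered reader throws InvalidClassException before any of that class's code runs; the same filter can be installed process-wide with the jdk.serialFilter system property.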

Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

CVE-2019-17556
GHSA-GJ76-429M-56WC

Affected products

Apache Olingo