Apache · Apache Olingo · CVE-2019-17554
**Name of the Vulnerable Software and Affected Versions**
Apache Olingo versions 4.0.0 through 4.6.0
**Description**
The issue concerns the XML content type entity deserializer, which is not properly configured to prevent the resolution of external entities. This can be exploited through requests with the "application/xml" content type, potentially leading to XXE (XML External Entity) attacks.
**Recommendations**
For Apache Olingo versions 4.0.0 through 4.6.0, consider disabling the XML content type entity deserializer until a patch is available. With the deserializer disabled, external entities are not resolved, which minimizes the risk of XXE attacks.
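
The parser configuration that the description says is missing looks like the following when applied to a StAX parser. This is an added example, not Olingo's code or its patch: it assumes the JDK's `javax.xml.stream` API, the class and method names are hypothetical, and the request bodies are constructed samples.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

// Added illustration; class and method names are hypothetical, not Olingo's.
public class HardenedXmlEntityReader {

    // Build a StAX factory that never processes DTDs or external entities.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        // Defence in depth: if a resolution attempt still happens, fail loudly.
        f.setXMLResolver((publicId, systemId, baseUri, ns) -> {
            throw new XMLStreamException("external entity blocked: " + systemId);
        });
        return f;
    }

    // Concatenate the character data of a body; throws if the parser rejects it.
    static String readText(String xml) throws XMLStreamException {
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        StringBuilder text = new StringBuilder();
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.CHARACTERS) text.append(r.getText());
            }
        } finally {
            r.close();
        }
        return text.toString();
    }

    public static void main(String[] args) {
        // Constructed sample bodies; the SYSTEM identifier is a placeholder path.
        String benign = "<entry><name>widget</name></entry>";
        String withDtd = "<!DOCTYPE entry [<!ENTITY ext SYSTEM \"file:///placeholder/does-not-exist\">]>"
                       + "<entry><name>&ext;</name></entry>";
        for (String body : new String[] {benign, withDtd}) {
            try {
                System.out.println("accepted, text = \"" + readText(body) + "\"");
            } catch (XMLStreamException e) {
                // With DTD support off, the declared entity is never resolved.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```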