Deserialization Vulnerability in Apache Olingo Affects Versions 4.0.0 to 4.6.0
CVE-2019-17556
9.8CRITICAL
What is CVE-2019-17556?
Apache Olingo versions 4.0.0 through 4.6.0 expose a deserialization vulnerability due to the AbstractService class, which publicly uses ObjectInputStream without validating the classes being deserialized. This flaw enables attackers to exploit the system by sending malicious metadata, potentially leading to the execution of arbitrary code. Implementing proper validation checks is essential to mitigate this risk.
Affected Version(s)
Olingo 4.0.0 to 4.6.0