Tag Archives: Apache

CVE-2019-17556: Unsafe deserialization in Apache Olingo

Some time ago I wrote about one security issue which I found in the library. This post describes another little vulnerability in Apache Olingo. The issue has been fixed in the 4.7.0 release as well.

By the way, Apache Olingo is a Java library that implements the Open Data Protocol (OData). This protocol allows the creation and consumption of queryable and interoperable RESTful APIs in a simple way.

CVE-2019-17556: Unsafe deserialization in Apache Olingo
Continue reading

CVE-2019-17555: DoS via Retry-After header in Apache Olingo

Apache Olingo is a Java library that implements the Open Data Protocol (OData). This protocol allows the creation and consumption of queryable and interoperable RESTful APIs in a simple way.

This post describes a little vulnerability that I recently discovered in Apache Olingo. The issue has been fixed in the 4.7.0 release.

CVE-2019-17555: DoS via Retry-After header in Apache Olingo
Continue reading

CVE-2019-12415: XML processing vulnerability in Apache POI

Apache POI is a popular Java library for working with Microsoft documents. For example, it allows you reading and writing Microsoft Excel files using Java. When I was recently looking into the library, I noticed a little vulnerability which then became CVE-2019-12415. The issue has been fixed in POI 4.1.1. Below are the details.

CVE-2019-12415: XML processing vulnerability in Apache POI
Continue reading