odata-client-core is vulnerable to denial of service (DoS). The attack is possible because AsyncResponseWrapperImpl
class fails to validate the retryAfter
value before directly parsing it to the Thread.sleep()
method, allowing a malicious server to trigger an application crash via a huge value in the header.
CPE | Name | Operator | Version |
---|---|---|---|
odata-client-core | le | 4.6.0 |