The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Server-Side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learningUpgrade org.apache.olingo:odata-client-core
to version 4.7.1 or higher.
org.apache.olingo:odata-client-core is a Java library and extensions around the OData specification.
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). It provides the AsyncRequestWrapperImpl
class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.