This article describes a solution for a Medium vulnerability (SC2019-004-359228) reported by Microsoft in Microsoft Security Advisory CVE-2018-8269: Denial of Service Vulnerability in OData.
The Microsoft.Data.OData.dll assembly affected by this vulnerability (versions earlier than 5.8.4) is included in Sitecore Commerce Engine release packages. For example, the Sitecore.Commerce.Engine.OnPrem.Solr.4.0.165.scwdp.zip archive, included in the Sitecore Experience Commerce 9.2 release package, contains the affected assembly.
We encourage Sitecore customers and partners to familiarize themselves with the information that follows and apply the fix to all affected Sitecore systems.
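To locate affected systems, the following script checks for copies of Microsoft.Data.OData.dll older than 5.8.4, both on disk and inside package archives. It is an added example, not Sitecore tooling: the `$Root` default path and the function name `Get-ODataStatus` are hypothetical, and it assumes the DLL's file version tracks the package version and that release packages are unpacked far enough for the `.scwdp.zip` archives to sit on disk.

```powershell
# Added example, not part of the Sitecore bulletin.
# Reports every Microsoft.Data.OData.dll under $Root (loose or inside a .zip)
# and flags copies whose file version is lower than 5.8.4.
param(
    [string]$Root = 'C:\inetpub\wwwroot'   # assumed location of Commerce Engine roles and packages
)

Add-Type -AssemblyName System.IO.Compression.FileSystem
$fixed = [version]'5.8.4'                  # first unaffected version, per the bulletin
$name  = 'Microsoft.Data.OData.dll'

function Get-ODataStatus {
    param([string]$DllPath, [string]$Source)
    # Read the version resource without loading the assembly into the session.
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($DllPath)
    $v = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart)
    [pscustomobject]@{ Source = $Source; Version = $v; Affected = ($v -lt $fixed) }
}

# 1. Assemblies already deployed on disk.
$results = @(
    Get-ChildItem -Path $Root -Recurse -File -Filter $name -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ODataStatus -DllPath $_.FullName -Source $_.FullName }
)

# 2. Assemblies still packed inside archives such as *.scwdp.zip.
Get-ChildItem -Path $Root -Recurse -File -Filter '*.zip' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $zipPath = $_.FullName
        try { $zip = [System.IO.Compression.ZipFile]::OpenRead($zipPath) }
        catch { Write-Warning "Cannot open ${zipPath}: $_"; return }
        try {
            foreach ($entry in ($zip.Entries | Where-Object { $_.Name -eq $name })) {
                # Extract to a temp file so the version resource can be read.
                $tmp = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString() + '.dll')
                [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $tmp, $true)
                try { $results += Get-ODataStatus -DllPath $tmp -Source "${zipPath}!$($entry.FullName)" }
                finally { Remove-Item -LiteralPath $tmp -Force }
            }
        }
        finally { $zip.Dispose() }
    }

$results | Sort-Object Affected -Descending | Format-Table -AutoSize
if ($results | Where-Object Affected) { Write-Warning "Copies older than $fixed were found." }
```

Rerun the script after applying the fix to confirm that no flagged copy remains; archives nested inside another archive are not opened.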
If you would like to receive notifications about new Security Bulletins, please subscribe to the Security Bulletins RSS Feed.