Description

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

Related CPE's

a

stanford

corenlp

Vulnerable

References

https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99

PatchThird Party Advisory

https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2

ExploitPatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-611

[email protected]

Secondary
CWE-611

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-15T14:15:07.857

3 years ago

Last modified

2021-10-20T19:55:08.027

3 years ago