Description

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

Related CPE's

a

stanford

corenlp

Vulnerable

References

https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99

PatchThird Party Advisory

https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2

ExploitPatchThird Party Advisory

https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99

PatchThird Party Advisory

https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2

ExploitPatchThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-611

[email protected]

Primary
CWE-611

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-15T12:15:07.857Z

4 years ago

Last modified

2025-09-08T14:35:58.990Z

5 months ago