Description
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
References (2)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763
Patch, Third Party Advisory x_refsource_misc
https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d
Scores
CVSS v3
7.1
EPSS
0.0019
EPSS Percentile
40.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-611
Status
published
Products (2)
edu.stanford.nlp/stanford-corenlp
0Maven
stanford/corenlp
< 4.3.2
Published
Jan 13, 2022
Tracked Since
Feb 18, 2026