
10 vulnerabilities found for corenlp by stanford

CVE-2021-44550 (GCVE-0-2021-44550)

Vulnerability from nvd – Published: 2022-02-23 20:19 – Updated: 2024-08-04 04:25
Summary
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:25:16.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/CoreNLP/issues/1222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T20:19:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/CoreNLP/issues/1222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44550",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/stanfordnlp/CoreNLP/issues/1222",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/CoreNLP/issues/1222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44550",
    "datePublished": "2022-02-23T20:19:17.000Z",
    "dateReserved": "2021-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:25:16.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0239 (GCVE-0-2022-0239)

Vulnerability from nvd – Published: 2022-01-17 06:15 – Updated: 2024-08-23 14:38
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
Vendor: stanfordnlp
Product: stanfordnlp/corenlp
Version: Affected: unspecified, < 4.3.3 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:stanford:corenlp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "corenlp",
            "vendor": "stanford",
            "versions": [
              {
                "lessThan": "4.3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-0239",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T03:55:39.631494Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T14:38:48.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThan": "4.3.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-17T06:15:11.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd"
        }
      ],
      "source": {
        "advisory": "a717aec2-5646-4a5f-ade0-dadc25736ae3",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0239",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd"
            }
          ]
        },
        "source": {
          "advisory": "a717aec2-5646-4a5f-ade0-dadc25736ae3",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0239",
    "datePublished": "2022-01-17T06:15:11.000Z",
    "dateReserved": "2022-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-23T14:38:48.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0198 (GCVE-0-2022-0198)

Vulnerability from nvd – Published: 2022-01-13 06:45 – Updated: 2024-08-02 23:18
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
Vendor: stanfordnlp
Product: stanfordnlp/corenlp
Version: Affected: unspecified, < 4.3.3 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThan": "4.3.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-13T06:45:10.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"
        }
      ],
      "source": {
        "advisory": "3d7e70fe-dddd-4b79-af62-8e058c4d5763",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0198",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"
            }
          ]
        },
        "source": {
          "advisory": "3d7e70fe-dddd-4b79-af62-8e058c4d5763",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0198",
    "datePublished": "2022-01-13T06:45:10.000Z",
    "dateReserved": "2022-01-12T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:18:42.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3869 (GCVE-0-2021-3869)

Vulnerability from nvd – Published: 2021-10-19 12:30 – Updated: 2024-08-03 17:09
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
Vendor: stanfordnlp
Product: stanfordnlp/corenlp
Version: Affected: unspecified, ≤ 4.3.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThanOrEqual": "4.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T12:30:32.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a"
        }
      ],
      "source": {
        "advisory": "2f8baf6c-14b3-420d-8ede-9805797cd324",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3869",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a"
            }
          ]
        },
        "source": {
          "advisory": "2f8baf6c-14b3-420d-8ede-9805797cd324",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3869",
    "datePublished": "2021-10-19T12:30:32.000Z",
    "dateReserved": "2021-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3878 (GCVE-0-2021-3878)

Vulnerability from nvd – Published: 2021-10-15 13:40 – Updated: 2024-08-03 17:09
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
Vendor: stanfordnlp
Product: stanfordnlp/corenlp
Version: Affected: unspecified, ≤ 4.3.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThanOrEqual": "4.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-15T13:40:21.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99"
        }
      ],
      "source": {
        "advisory": "a11c889b-ccff-4fea-9e29-963a23a63dd2",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3878",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99"
            }
          ]
        },
        "source": {
          "advisory": "a11c889b-ccff-4fea-9e29-963a23a63dd2",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3878",
    "datePublished": "2021-10-15T13:40:21.000Z",
    "dateReserved": "2021-10-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44550 (GCVE-0-2021-44550)

Vulnerability from cvelistv5 – Published: 2022-02-23 20:19 – Updated: 2024-08-04 04:25
Summary
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:25:16.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/CoreNLP/issues/1222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T20:19:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/CoreNLP/issues/1222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44550",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/stanfordnlp/CoreNLP/issues/1222",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/CoreNLP/issues/1222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44550",
    "datePublished": "2022-02-23T20:19:17.000Z",
    "dateReserved": "2021-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:25:16.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0239 (GCVE-0-2022-0239)

Vulnerability from cvelistv5 – Published: 2022-01-17 06:15 – Updated: 2024-08-23 14:38
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
  • Vendor: stanfordnlp
  • Product: stanfordnlp/corenlp
  • Version: Affected: unspecified, < 4.3.3 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:stanford:corenlp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "corenlp",
            "vendor": "stanford",
            "versions": [
              {
                "lessThan": "4.3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-0239",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T03:55:39.631494Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T14:38:48.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThan": "4.3.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-17T06:15:11.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd"
        }
      ],
      "source": {
        "advisory": "a717aec2-5646-4a5f-ade0-dadc25736ae3",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0239",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd"
            }
          ]
        },
        "source": {
          "advisory": "a717aec2-5646-4a5f-ade0-dadc25736ae3",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0239",
    "datePublished": "2022-01-17T06:15:11.000Z",
    "dateReserved": "2022-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-23T14:38:48.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0198 (GCVE-0-2022-0198)

Vulnerability from cvelistv5 – Published: 2022-01-13 06:45 – Updated: 2024-08-02 23:18
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
  • Vendor: stanfordnlp
  • Product: stanfordnlp/corenlp
  • Version: Affected: unspecified, < 4.3.3 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThan": "4.3.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-13T06:45:10.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"
        }
      ],
      "source": {
        "advisory": "3d7e70fe-dddd-4b79-af62-8e058c4d5763",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0198",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"
            }
          ]
        },
        "source": {
          "advisory": "3d7e70fe-dddd-4b79-af62-8e058c4d5763",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0198",
    "datePublished": "2022-01-13T06:45:10.000Z",
    "dateReserved": "2022-01-12T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:18:42.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3869 (GCVE-0-2021-3869)

Vulnerability from cvelistv5 – Published: 2021-10-19 12:30 – Updated: 2024-08-03 17:09
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
  • Vendor: stanfordnlp
  • Product: stanfordnlp/corenlp
  • Version: Affected: unspecified, ≤ 4.3.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThanOrEqual": "4.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T12:30:32.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a"
        }
      ],
      "source": {
        "advisory": "2f8baf6c-14b3-420d-8ede-9805797cd324",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3869",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a"
            }
          ]
        },
        "source": {
          "advisory": "2f8baf6c-14b3-420d-8ede-9805797cd324",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3869",
    "datePublished": "2021-10-19T12:30:32.000Z",
    "dateReserved": "2021-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3878 (GCVE-0-2021-3878)

Vulnerability from cvelistv5 – Published: 2021-10-15 13:40 – Updated: 2024-08-03 17:09
Title
Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
Summary
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Impacted products
  • Vendor: stanfordnlp
  • Product: stanfordnlp/corenlp
  • Version: Affected: unspecified, ≤ 4.3.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stanfordnlp/corenlp",
          "vendor": "stanfordnlp",
          "versions": [
            {
              "lessThanOrEqual": "4.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-15T13:40:21.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99"
        }
      ],
      "source": {
        "advisory": "a11c889b-ccff-4fea-9e29-963a23a63dd2",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3878",
          "STATE": "PUBLIC",
          "TITLE": "Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "stanfordnlp/corenlp",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "stanfordnlp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "corenlp is vulnerable to Improper Restriction of XML External Entity Reference"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-611 Improper Restriction of XML External Entity Reference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a11c889b-ccff-4fea-9e29-963a23a63dd2"
            },
            {
              "name": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99",
              "refsource": "MISC",
              "url": "https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99"
            }
          ]
        },
        "source": {
          "advisory": "a11c889b-ccff-4fea-9e29-963a23a63dd2",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3878",
    "datePublished": "2021-10-15T13:40:21.000Z",
    "dateReserved": "2021-10-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}