An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and...
9.8CVSS
9.3AI Score
0.003EPSS
9.8CVSS
9.3AI Score
0.002EPSS
7.1CVSS
6.8AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.003EPSS
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main...
9.8CVSS
9.7AI Score
0.004EPSS
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following...
9.8CVSS
9.5AI Score
0.002EPSS