3 matches found
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.tock:tock-nlp-model-stanford (>=19.9.0 <=22.3.2) +202 more potentially affected by CVE-2022-0198 via edu.stanford.nlp:stanford-corenlp (>=1.2.0 <=4.3.2)
edu.stanford.nlp:stanford-corenlp MAVEN version =1.2.0, =1.3, =19.9.0, =2.09, =2.7.3, =2.7.3, =2.7.3, =2.0.0, =2.0.1, =2.5, =3.0.1 - com.github.hungntbka:htime =1.0 - com.github.jenshaase.uimascala:arktweetpostagger2.11 =0.6.1 - com.github.jenshaase.uimascala:arktweettokenizer2.11 =0.6.1 -...
CVE-2022-0198 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2022-0198
The CVE-2022-0198 entry concerns Stanford CoreNLP (stanfordnlp/corenlp) and an XML External Entity (XXE) vulnerability. Affected component: CoreNLP’s XML processing via TransformXML()/XML parsing paths, leading to improper restriction of external entities. Potential impact (per sources): reading ...