Lucene search
ApacheOpennlp

4 matches found

CVE
added 2017/10/02 2:0 p.m., 85 views

CVE-2017-12620

CVE-2017-12620 describes an XML External Entity (XXE) vulnerability in Apache OpenNLP when loading models or dictionaries that contain XML from untrusted sources. The connected documents identify the affected OpenNLP versions: 1.5.0–1.5.3, 1.6.0, 1.7.0–1.7.2, and 1.8.0–1.8.1. The XXE issue is the...

CVSS 9.8 | AI score 9.3 | EPSS 0.03016
CVE
added 2026/05/04 4:55 p.m., 50 views

CVE-2026-40682

CVE-2026-40682 (Apache OpenNLP) XXE in DictionaryEntryPersistor via unsanitized dictionary parsing. The DictionaryEntryPersistor initializes a static SAXParserFactory at class-load time without enabling secure features, leaving DOCTYPE processing and external entity resolution enabled. When Dicti...

CVSS 9.1 | AI score 5.8 | EPSS 0.00515
CVE
added 2026/05/04 4:43 p.m., 24 views

CVE-2026-42027

The CVE-2026-42027 issue affects Apache OpenNLP ExtensionLoader: ExtensionLoader.instantiateExtension(Class, String) uses Class.forName() to load a class name from a model archive manifest and invokes its no-arg constructor. Although the isAssignableFrom check filters types after loading, Class.f...

CVSS 9.8 | AI score 6 | EPSS 0.00692
CVE
added 2026/05/04 4:40 p.m., 24 views

CVE-2026-42440

CVE-2026-42440 affects Apache OpenNLP, specifically AbstractModelReader. The vulnerability arises when getOutcomes(), getOutcomePatterns(), and getPredicates() read a 32-bit signed count from a binary model stream and allocate arrays (String[numOutcomes], int[numOCTypes][], String[NUM_PREDS]) wit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00627