stanford-corenlp is vulnerable to XML external entity (XXE) injection. The vulnerability exists because the readDocument() function in ‘DomReader.java’ does not disable access to external entities by default, so an attacker who supplies a crafted XML file can cause the contents of local files to be exposed to a remote server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | stanford corenlp | le | 4.3.0 |