stanford-corenlp is vulnerable to XML External Entity (XXE) attacks. The vulnerability exists in the getValidatingXmlParser function in XMLUtils.java due to a lack of sanitization of XML input containing a reference to an external entity, allowing an attacker to supply a malicious schema XML file that is processed when SchemaFactory parses the schema XML file.
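
One way to configure a SchemaFactory so that schema parsing cannot resolve external entities, as an added example (not code from CoreNLP or from this advisory). The class name, the helper names and the schema string are hypothetical and constructed for illustration; the entity target is a placeholder path.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

public class HardenedSchemaFactoryDemo {

    // Constructed sample: a schema whose DOCTYPE declares an external entity.
    // The system identifier is a placeholder and does not need to exist.
    static final String SCHEMA_WITH_EXTERNAL_ENTITY =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE xs:schema [ <!ENTITY ext SYSTEM \"file:///placeholder/does-not-exist\"> ]>\n"
        + "<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">\n"
        + "  <xs:element name=\"root\" type=\"xs:string\">\n"
        + "    <xs:annotation><xs:documentation>&ext;</xs:documentation></xs:annotation>\n"
        + "  </xs:element>\n"
        + "</xs:schema>\n";

    // Hypothetical helper (not a CoreNLP method): a SchemaFactory that may not
    // fetch external DTDs/entities or imported and included schemas.
    static SchemaFactory newHardenedSchemaFactory() throws SAXException {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // An empty string allows no protocol at all for external access (JAXP 1.5+).
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return factory;
    }

    // Returns true if compiling the schema raised a SAXException.
    static boolean rejects(SchemaFactory factory, String schemaXml) {
        try {
            factory.newSchema(new StreamSource(new StringReader(schemaXml)));
            return false;
        } catch (SAXException e) {
            // Print the cause so an access-restriction refusal can be told
            // apart from a failed fetch of the placeholder path.
            System.out.println("schema refused: " + e.getMessage());
            return true;
        }
    }

    public static void main(String[] args) throws SAXException {
        boolean refused = rejects(newHardenedSchemaFactory(), SCHEMA_WITH_EXTERNAL_ENTITY);
        System.out.println("external entity schema refused: " + refused);
    }
}
```

The two access properties are recognized by the JDK's built-in JAXP implementation; a third-party parser on the classpath may throw SAXNotRecognizedException from setProperty, which should be treated as a configuration failure rather than ignored.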

CPE

Name | Operator | Version |
---|---|---|
stanford corenlp | le | 4.3.2 |