Veracode Vulnerability DatabaseVERACODE:34380HTTP Header Injection
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
stanford-corenlp is vulnerable to HTTP header injection. The addResults function of NERServlet.java does not properly validate the data in an HTTP response, allowing an attacker to inject malicious headers in requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| stanford corenlp | eq | 1.3.5 | |
| stanford corenlp | le | 3.9.2 | |
| stanford corenlp | le | 4.3.2 | |
| stanford corenlp | eq | 1.3.5 | |
| stanford corenlp | le | 3.9.2 | |
| stanford corenlp | le | 4.3.2 |
References
github.com/advisories/GHSA-x2p8-rgfm-qw3v
github.com/stanfordnlp/CoreNLP/blob/d147ba597bb13efeab5c567d677854bfc69104e6/src/edu/stanford/nlp/ie/ner/webapp/NERServlet.java#L152-L159
github.com/stanfordnlp/CoreNLP/commit/5ee097dbede547023e88f60ed3f430ff09398b87
github.com/stanfordnlp/CoreNLP/issues/1222
github.com/stanfordnlp/CoreNLP/pull/1245
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P