Lucene search
@huntrdevVULNRICHMENT:CVE-2022-0239HistoryJan 17, 2022 - 6:15 a.m.
CVE-2022-0239 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
2022-01-1706:15:11
CWE-611
@huntrdev
github.com
corenlp
xml
vulnerability
external entity
CVSS3
4.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:stanford:corenlp:*:*:*:*:*:*:*:*"
],
"vendor": "stanford",
"product": "corenlp",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.3.3",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
huntr
huntr
in stanfordnlp/corenlp
2022-01-15 03:28:43
prion
prion
Xxe
2022-01-17 07:15:00
cvelist
cvelist
github
github
nvd
nvd
CVE-2022-0239
2022-01-17 07:15:06
cve
cve
CVE-2022-0239
2022-01-17 07:15:06
veracode
veracode
XML External Entity (XXE)
2022-01-18 04:14:50
osv
osv
nessus
nessus
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (July 2024 CPU)
2024-07-22 00:00:00
qualysblog
qualysblog
Oracle Critical Patch Update, July 2024 Security Update Review
2024-07-17 14:34:50
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
CVSS3
4.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2022-0239