CVE-2022-0198

MEDIUM6.1EPSS 0.19%

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

Published: 1/14/2022Modified: 2/19/2024

Description

The TransformXML() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N