Lucene search

GitHub Advisory DatabaseGHSA-MH83-JCW5-RJH8

HistoryJan 14, 2022 - 9:07 p.m.

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

2022-01-1421:07:23

CWE-611

GitHub Advisory Database

github.com

transformxml() function

saxparser

feature_secure_processing

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

33.4%

JSON

The TransformXML() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.

Affected configurations

Vulners

Node

edu.stanford.nlp\stanfordMatchcorenlp

VendorProductVersionCPE
edu.stanford.nlp\stanfordcorenlpcpe:2.3:a:edu.stanford.nlp\:stanford:corenlp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
edu.stanford.nlp\	stanford	corenlp	cpe:2.3:a:edu.stanford.nlp\:stanford:corenlp::::::::

References

github.com/advisories/GHSA-mh83-jcw5-rjh8

github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d

huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763

nvd.nist.gov/vuln/detail/CVE-2022-0198

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

33.4%

JSON

Related for GHSA-MH83-JCW5-RJH8