EPSS
Percentile
33.4%
The TransformXML() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.
github.com/stanfordnlp/corenlp
github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d
huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763
nvd.nist.gov/vuln/detail/CVE-2022-0198