Lucene search
Veracode Vulnerability DatabaseVERACODE:33734HistoryJan 18, 2022 - 4:14 a.m.
XML External Entity (XXE)
2022-01-1804:14:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
xml
external entity
vulnerability
stanford-corenlp
xmlutils.java
schemafactory
parser
EPSS
0.002
Percentile
62.3%
stanford-corenlp is vulnerable to xml external entity attacks. The vulnerability exists in the getValidatingXmlParser function in XMLUtils.java due to lack of sanitization of XML input containing a reference to an external entity, allowing an attacker to pass malicious schema XML file when SchemaFactory parses the schema XML file.
Related
huntr
huntr
in stanfordnlp/corenlp
2022-01-15 03:28:43
cvelist
cvelist
github
github
nvd
nvd
CVE-2022-0239
2022-01-17 07:15:06
cve
cve
CVE-2022-0239
2022-01-17 07:15:06
prion
prion
Xxe
2022-01-17 07:15:00
vulnrichment
vulnrichment
osv
osv
nessus
nessus
Oracle Business Intelligence Enterprise Edition (OAS 7.0) (July 2024 CPU)
2024-07-22 00:00:00
qualysblog
qualysblog
Oracle Critical Patch Update, July 2024 Security Update Review
2024-07-17 14:34:50
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00