stanford-corenlp is vulnerable to HTTP header injection. The addResults
function of NERServlet.java
does not properly validate the data in an HTTP response, allowing an attacker to inject malicious headers in requests.
github.com/advisories/GHSA-x2p8-rgfm-qw3v
github.com/stanfordnlp/CoreNLP/blob/d147ba597bb13efeab5c567d677854bfc69104e6/src/edu/stanford/nlp/ie/ner/webapp/NERServlet.java#L152-L159
github.com/stanfordnlp/CoreNLP/commit/5ee097dbede547023e88f60ed3f430ff09398b87
github.com/stanfordnlp/CoreNLP/issues/1222
github.com/stanfordnlp/CoreNLP/pull/1245