Lucene search
Veracode Vulnerability DatabaseVERACODE:34380HistoryFeb 25, 2022 - 5:41 a.m.
HTTP Header Injection
2022-02-2505:41:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
http header injection
stanford-corenlp
nerservlet.java
software vulnerability
http response
EPSS
0.003
Percentile
69.5%
stanford-corenlp is vulnerable to HTTP header injection. The addResults function of NERServlet.java does not properly validate the data in an HTTP response, allowing an attacker to inject malicious headers in requests.
References
github.com/advisories/GHSA-x2p8-rgfm-qw3v
github.com/stanfordnlp/CoreNLP/blob/d147ba597bb13efeab5c567d677854bfc69104e6/src/edu/stanford/nlp/ie/ner/webapp/NERServlet.java#L152-L159
github.com/stanfordnlp/CoreNLP/commit/5ee097dbede547023e88f60ed3f430ff09398b87
github.com/stanfordnlp/CoreNLP/issues/1222
github.com/stanfordnlp/CoreNLP/pull/1245
Related
github
github
Access Control vulnerability within CoreNLP
2022-02-25 00:01:07
nvd
nvd
CVE-2021-44550
2022-02-24 15:15:24
cve
cve
CVE-2021-44550
2022-02-24 15:15:24
prion
prion
Improper access control
2022-02-24 15:15:00
cvelist
cvelist
CVE-2021-44550
2022-02-23 20:19:17
osv
osv
CVE-2021-44550
2022-02-24 15:15:24
Access Control vulnerability within CoreNLP
2022-02-25 00:01:07
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00