CRITICAL 9.8 Maven

Improper Restriction of XML External Entity Reference in Apache OpenNLP

GHSA-h22x-hm8g-rxpg · CVE-2017-12620

Published · Modified

Description

When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. Versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, and 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
