Launch Week Day 1: Announcing Security Design Review

XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

GHSA-mh83-jcw5-rjh8 · CVE-2022-0198

Published Jan 14, 2022 · Modified Feb 19, 2024

Description

The TransformXML() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes