Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2021-44550

Disclosure Date: February 24, 2022 (last updated February 23, 2025)
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0239

Disclosure Date: January 17, 2022 (last updated February 23, 2025)
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0198

Disclosure Date: January 13, 2022 (last updated February 23, 2025)
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-3869

Disclosure Date: October 19, 2021 (last updated February 23, 2025)
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-3878

Disclosure Date: October 15, 2021 (last updated February 23, 2025)
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-28440

Disclosure Date: December 11, 2020 (last updated February 22, 2025)
All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.
0
0
Attacker Value
Unknown

CVE-2020-28439

Disclosure Date: December 11, 2020 (last updated February 22, 2025)
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:
0
0