CVE-2023-39020
https://notcve.org/view.php?id=CVE-2023-39020
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. Se ha descubierto que standford-parser v3.9.2 y versiones inferiores contienen una vulnerabilidad de inyección de código en el componente "edu.stanford.nlp.io.getBZip2PipedInputStream". Esta vulnerabilidad se aprovecha pasando un argumento no comprobado. • https://github.com/LetianYuan/My-CVE-Public-References/tree/main/edu_stanford_nlp_stanford-parser • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2021-44550
https://notcve.org/view.php?id=CVE-2021-44550
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). Se presenta una vulnerabilidad de Control de Acceso Incorrecto en CoreNLP versión 4.3.2, por medio del clasificador en NERServlet.java (líneas 158 y 159) • https://github.com/stanfordnlp/CoreNLP/issues/1222 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-0239 – Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
https://notcve.org/view.php?id=CVE-2022-0239
corenlp is vulnerable to Improper Restriction of XML External Entity Reference corenlp es vulnerable a una Restricción Inapropiada de una Referencia a Entidades Externas XML • https://github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3dd https://huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-0198 – Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
https://notcve.org/view.php?id=CVE-2022-0198
corenlp is vulnerable to Improper Restriction of XML External Entity Reference corenlp es vulnerable a una Restricción Inapropiada de la Referencia a Entidades Externas XML • https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2021-3869 – Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
https://notcve.org/view.php?id=CVE-2021-3869
corenlp is vulnerable to Improper Restriction of XML External Entity Reference corenlp es vulnerable a una Restricción Inapropiada de la Referencia a Entidades Externas XML • https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324 • CWE-611: Improper Restriction of XML External Entity Reference •