Vulnerability Details CVE-2021-3869
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.7%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 5.0
References
- https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a
- https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324
- https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a
- https://huntr.dev/bounties/2f8baf6c-14b3-420d-8ede-9805797cd324
Products affected by CVE-2021-3869
-
cpe:2.3:a:stanford:corenlp:1.3.5
-
cpe:2.3:a:stanford:corenlp:1.3.6
-
cpe:2.3:a:stanford:corenlp:3.3.0
-
cpe:2.3:a:stanford:corenlp:3.3.1
-
cpe:2.3:a:stanford:corenlp:3.4.0
-
cpe:2.3:a:stanford:corenlp:3.4.1
-
cpe:2.3:a:stanford:corenlp:3.5.0
-
cpe:2.3:a:stanford:corenlp:3.5.1
-
cpe:2.3:a:stanford:corenlp:3.5.2
-
cpe:2.3:a:stanford:corenlp:3.6.0
-
cpe:2.3:a:stanford:corenlp:3.7.0
-
cpe:2.3:a:stanford:corenlp:3.8.0
-
cpe:2.3:a:stanford:corenlp:3.9.1
-
cpe:2.3:a:stanford:corenlp:3.9.2
-
cpe:2.3:a:stanford:corenlp:3.9.2b
-
cpe:2.3:a:stanford:corenlp:4.0.0
-
cpe:2.3:a:stanford:corenlp:4.1.0
-
cpe:2.3:a:stanford:corenlp:4.2.0
-
cpe:2.3:a:stanford:corenlp:4.2.1
-
cpe:2.3:a:stanford:corenlp:4.2.2
-
cpe:2.3:a:stanford:corenlp:4.3.0