Description

An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).

Remediation

References

https://github.com/stanfordnlp/CoreNLP/issues/1222

Related Vulnerabilities

CVE-2022-36537 Vulnerability in maven package org.zkoss.zk:zk

CVE-2020-7632 Vulnerability in npm package node-mpv

CVE-2020-28269 Vulnerability in npm package field

CVE-2023-35155 Vulnerability in maven package org.xwiki.platform:xwiki-platform-sharepage-api

CVE-2020-35149 Vulnerability in npm package mquery

Severity

Critical

Classification

CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory