Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12620 Vulnerability in maven package org.apache.opennlp:opennlp-tools

Description

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.

Remediation

References

http://opennlp.apache.org/news/cve-2017-12620.html

Related Vulnerabilities

CVE-2023-30548 Vulnerability in npm package gatsby-plugin-sharp

CVE-2021-34078 Vulnerability in npm package lifion-verify-deps

CVE-2015-8315 Vulnerability in npm package millisecond

CVE-2018-1000850 Vulnerability in maven package com.squareup.retrofit2:retrofit

CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_native0.4_3

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory