Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12620 Vulnerability in maven package org.apache.opennlp:opennlp-tools

Description

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.

Remediation

References

http://opennlp.apache.org/news/cve-2017-12620.html

Related Vulnerabilities

CVE-2021-3803 Vulnerability in npm package nth-check

CVE-2023-25572 Vulnerability in npm package react-admin

CVE-2022-1330 Vulnerability in maven package org.webjars.bower:fullpage

CVE-2016-10735 Vulnerability in maven package ru.taskurotta:bootstrap

CVE-2022-46687 Vulnerability in maven package io.jenkins.plugins:spring-config

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory