Description
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Remediation
References
https://github.com/stanfordnlp/CoreNLP/issues/1222
Related Vulnerabilities
CVE-2022-45685 Vulnerability in maven package org.codehaus.jettison:jettison
CVE-2023-40185 Vulnerability in npm package shescape
CVE-2022-25767 Vulnerability in maven package com.bstek.ureport:ureport2-console
CVE-2021-41246 Vulnerability in npm package express-openid-connect
CVE-2022-28366 Vulnerability in maven package net.sourceforge.htmlunit:neko-htmlunit