Description
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Remediation
References
https://github.com/stanfordnlp/CoreNLP/issues/1222
Related Vulnerabilities
CVE-2021-23399 Vulnerability in npm package wincred
CVE-2021-27185 Vulnerability in npm package samba-client
CVE-2020-35214 Vulnerability in maven package io.atomix:atomix
CVE-2020-11022 Vulnerability in maven package org.webjars.npm:jquery
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r5