Количество 2
Количество 2
CVE-2017-12620
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
GHSA-h22x-hm8g-rxpg
Improper Restriction of XML External Entity Reference in Apache OpenNLP
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-12620 When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected. | CVSS3: 9.8 | 1% Низкий | больше 8 лет назад |
| GHSA-h22x-hm8g-rxpg Improper Restriction of XML External Entity Reference in Apache OpenNLP | CVSS3: 9.8 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу