Stanford : Security Vulnerabilities, CVEs,
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-07-28
Updated
2023-08-03
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Max CVSS
9.8
EPSS Score
0.19%
Published
2022-01-17
Updated
2022-01-22
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Max CVSS
7.1
EPSS Score
0.07%
Published
2022-01-13
Updated
2022-01-19
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Max CVSS
9.8
EPSS Score
0.30%
Published
2022-02-24
Updated
2022-07-12
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Max CVSS
9.8
EPSS Score
0.19%
Published
2021-10-15
Updated
2021-10-20
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Max CVSS
8.6
EPSS Score
0.15%
Published
2021-10-19
Updated
2021-10-21
webauth before 4.6.1 has authentication credential disclosure
Max CVSS
7.5
EPSS Score
0.43%
Published
2019-12-03
Updated
2019-12-10
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Max CVSS
4.3
EPSS Score
0.16%
Published
2009-09-15
Updated
2009-09-16
8 vulnerabilities found