CVE-2017-12620
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
CRITICAL · CVSS 9.8
EPSS 0.01018
Act now
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0