When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. Versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, and 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
References
| Link | Resource |
|---|---|
| http://opennlp.apache.org/news/cve-2017-12620.html | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-10-02T00:00:00
Updated: 2017-10-02T13:57:02
Reserved: 2017-08-07T00:00:00
Link: CVE-2017-12620
NVD Information
Status: Analyzed
Published: 2017-10-03T01:29:01.233
Modified: 2017-11-02T16:39:13.537
Link: CVE-2017-12620
Redhat Information
No data.
CWE