Critical severity9.8NVD Advisory· Published Jan 17, 2022· Updated Apr 16, 2026
CVE-2022-0239
CVE-2022-0239
Description
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
edu.stanford.nlp:stanford-corenlpMaven | < 4.4.0 | 4.4.0 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/stanfordnlp/corenlp/commit/1940ffb938dc4f3f5bc5f2a2fd8b35aabbbae3ddnvdPatchThird Party AdvisoryWEB
- huntr.dev/bounties/a717aec2-5646-4a5f-ade0-dadc25736ae3nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-75vw-3m5v-fprhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-0239ghsaADVISORY
- github.com/stanfordnlp/CoreNLP/commit/f44e693882812b144e09d39850177ff0a1f8d16fghsaWEB
- github.com/stanfordnlp/CoreNLP/pull/1242ghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-EDUSTANFORDNLP-2342121ghsaWEB
News mentions
0No linked articles in our index yet.