edu.stanford.nlp:stanford-corenlp@3.9.1 vulnerabilities
Stanford CoreNLP provides a set of natural language analysis tools which can take raw English language text input and give the base forms of words, their parts of speech, whether they are names of companies, people, etc., normalize dates, times, and numeric quantities, mark up the structure of sentences in terms of phrases and word dependencies, and indicate which noun phrases refer to the same entities. It provides the foundational building blocks for higher level text understanding applications.
-
latest version
4.5.1
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
5 months ago
-
licenses detected
- [3.5.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the edu.stanford.nlp:stanford-corenlp package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Improper Access Control via the classifier variable in How to fix Improper Access Control? Upgrade |
(,4.4.0)
|
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when a malicious schema XML file is passed to How to fix XML External Entity (XXE) Injection? Upgrade |
(,4.4.0)
|
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The How to fix XML External Entity (XXE) Injection? Upgrade |
(,4.4.0)
|
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the How to fix XML External Entity (XXE) Injection? Upgrade |
[0,4.3.1)
|
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the How to fix XML External Entity (XXE) Injection? Upgrade |
[0,4.3.1)
|