{"id":"CVE-2022-0198","summary":"Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp","details":"corenlp is vulnerable to Improper Restriction of XML External Entity Reference","aliases":["GHSA-mh83-jcw5-rjh8"],"modified":"2025-12-12T21:54:58.686615Z","published":"2022-01-13T06:45:10Z","database_specific":{"cna_assigner":"@huntrdev","cwe_ids":["CWE-611"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0198.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0198.json"},{"type":"FIX","url":"https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d"},{"type":"WEB","url":"https://huntr.dev/bounties/3d7e70fe-dddd-4b79-af62-8e058c4d5763"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0198"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/stanfordnlp/corenlp","events":[{"introduced":"0"},{"fixed":"1f52136321cfca68b991bd7870563d06cf96624d"}]}],"database_specific":{"vanir_signatures":[{"signature_version":"v1","id":"CVE-2022-0198-1ff6ac65","digest":{"length":196,"function_hash":"276455462904976465560872810997262471792"},"deprecated":false,"source":"https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d","signature_type":"Function","target":{"function":"TransformXML","file":"src/edu/stanford/nlp/process/TransformXML.java"}},{"signature_version":"v1","id":"CVE-2022-0198-453cc708","digest":{"line_hashes":["316583942280262142754500723426845022305","293989149656284129014447494148879553004","20044479163562426312692816707892208694","135347285437398752314993341466461008076","164598680801751516149266945297445963479","30261192830806417561700299750085024917","47143790266276717921190740454014496385"],"threshold":0.9},"deprecated":false,"source":"https://github.com/stanfordnlp/corenlp/commit/1f52136321cfca68b991bd7870563d06cf96624d","signature_type":"Line","target":{"file":"src/edu/stanford/nlp/process/TransformXML.java"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0198.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}]}