CVE-2021-44550: Access Control vulnerability within CoreNLP

February 24, 2022 (updated July 12, 2022)

An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).

References

github.com/advisories/GHSA-x2p8-rgfm-qw3v
github.com/stanfordnlp/CoreNLP/commit/5ee097dbede547023e88f60ed3f430ff09398b87
github.com/stanfordnlp/CoreNLP/issues/1222
nvd.nist.gov/vuln/detail/CVE-2021-44550

Detect and mitigate CVE-2021-44550 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →