CVE-2017-12620: Improper Restriction of XML External Entity Reference

October 3, 2017 (updated November 2, 2017)

When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources.

References

opennlp.apache.org/news/cve-2017-12620.html
nvd.nist.gov/vuln/detail/CVE-2017-12620

Detect and mitigate CVE-2017-12620 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →