| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| edu.stanford.nlp:stanford-corenlp | maven | <= 4.3.0 | 4.3.1 |
The vulnerability stems from insecure XML parser configuration. The patch replaces `DocumentBuilderFactory.newInstance()` calls with `XMLUtils.safeDocumentBuilderFactory()` in these three locations. The original calls created XML parsers without disabling DTDs or external entity processing, the classic XXE (XML External Entity) vulnerability pattern. The affected functions parse XML input directly, making them clear entry points for exploitation. The commit's explicit replacement with a secure factory confirms these were the vulnerable points.
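To make the insecure-versus-hardened pattern concrete, here is an added Java example; it is not code from the advisory or from Stanford CoreNLP, and `hardenedFactory()` is an illustrative stand-in for the kind of helper the patch introduces, not the project's actual `XMLUtils.safeDocumentBuilderFactory()`. The sample XML documents are constructed for the demonstration. The hardened factory rejects any `DOCTYPE` declaration outright (which also covers entity-expansion attacks) and additionally turns off external-entity loading and XInclude in case a parser implementation ignores the first feature.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeHardeningDemo {

    // The vulnerable pattern the advisory describes: a default JAXP factory
    // leaves DTD processing and external entity resolution enabled.
    static DocumentBuilderFactory insecureFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Hardened factory. This is an illustrative helper written for this
    // example (assumption), NOT CoreNLP's XMLUtils.safeDocumentBuilderFactory().
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject any DOCTYPE: the most complete defence against XXE and
        // recursive entity expansion, since both require a DTD.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that do not honour the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // XInclude is another route to reading local resources; disable it.
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parse a string with whichever factory the caller supplies.
    static Document parse(DocumentBuilderFactory f, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a harmless internal DTD, and a document with no DTD.
        // The point is that the hardened factory refuses the DOCTYPE before any
        // entity (internal or external) can be resolved.
        String withDoctype =
            "<!DOCTYPE note [<!ENTITY greeting \"hello\">]><note>&greeting;</note>";
        String plain = "<note>hello</note>";

        // Insecure factory: DTD accepted and the entity is expanded.
        Document d1 = parse(insecureFactory(), withDoctype);
        System.out.println("insecure factory parsed DOCTYPE input: "
            + d1.getDocumentElement().getTextContent());

        // Hardened factory: plain input still works unchanged...
        Document d2 = parse(hardenedFactory(), plain);
        System.out.println("hardened factory parsed plain input: "
            + d2.getDocumentElement().getTextContent());

        // ...but any DOCTYPE is rejected with a SAXParseException.
        try {
            parse(hardenedFactory(), withDoctype);
            System.out.println("UNEXPECTED: hardened factory accepted a DOCTYPE");
        } catch (SAXException e) {
            System.out.println("hardened factory rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

When auditing a code base for this pattern, every `DocumentBuilderFactory.newInstance()` (and likewise `SAXParserFactory`, `XMLInputFactory` and `TransformerFactory`) that is not immediately followed by these feature settings is a candidate, which is exactly the kind of call site the patch above replaces. One caveat for the fix: if a consumer legitimately feeds documents that carry a `DOCTYPE`, the `disallow-doctype-decl` setting will reject them, so that behaviour change should be verified against real inputs after upgrading.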