
CVE-2022-0198: XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

CVSS Score
6.1 (CVSS v3.0)

Basic Information

EPSS Score
0.3979%
Published
1/14/2022
Updated
2/3/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Package Name
edu.stanford.nlp:stanford-corenlp
Ecosystem
maven
Vulnerable Versions
<= 4.3.2
First Patched Version
(not listed on this page)

Vulnerability Intelligence

Root Cause Analysis

The analysis examined the patch for CVE-2022-0198 in edu.stanford.nlp:stanford-corenlp. The patch modifies the TransformXML constructor so that the SAXParserFactory it uses has FEATURE_SECURE_PROCESSING set to true before a SAXParser is created. Before the patch, the constructor obtained a SAXParser from a factory with default settings, under which a DOCTYPE in untrusted input can declare external entities that the parser resolves (XXE). The unpatched constructor is therefore the primary function to monitor for runtime detection of this vulnerability. One caveat for anyone validating the fix: with the JDK's bundled parser, explicitly enabling FEATURE_SECURE_PROCESSING also restricts access to external DTDs and entities, but a third-party JAXP implementation picked up from the classpath may not apply that restriction, so a deployment that wants defence in depth should additionally disallow DOCTYPE declarations and disable external general and parameter entities on the factory.
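The following stand-alone Java program is an added illustration and is not code from this page or from Stanford CoreNLP. It contrasts three SAXParserFactory configurations: the one the root-cause analysis describes for the unpatched TransformXML constructor (nothing set), the FEATURE_SECURE_PROCESSING-only change the patch is described as making, and a fuller OWASP-style hardening that rejects DOCTYPE outright. The class name, method names and the sample document are constructed for the example; TransformXML's actual signature is not shown on this page.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class XxeSaxDemo {

    // Constructed sample input: a DOCTYPE declares an external general entity that
    // points at a local file, and the document body then expands that entity.
    static final String XXE_SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE doc [ <!ENTITY ext SYSTEM \"file:///etc/hostname\"> ]>\n"
      + "<doc>&ext;</doc>";

    /** Shape of the unpatched constructor as described: a factory with nothing set (illustrative). */
    static SAXParserFactory unhardenedFactory() {
        return SAXParserFactory.newInstance();
    }

    /** The change the patch description names: FEATURE_SECURE_PROCESSING = true, nothing else. */
    static SAXParserFactory patchedFactory() throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f;
    }

    /** Defence in depth: reject DOCTYPE entirely and switch off external entities and DTD loading. */
    static SAXParserFactory hardenedFactory() throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f;
    }

    /** Parses xml with a parser from the given factory and returns the document's character content. */
    static String parseText(SAXParserFactory factory, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        StringBuilder text = new StringBuilder();
        SAXParser parser = factory.newSAXParser();
        parser.parse(new InputSource(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))),
            new DefaultHandler() {
                @Override public void characters(char[] ch, int start, int length) {
                    // Any resolved entity content arrives here as ordinary character data.
                    text.append(ch, start, length);
                }
            });
        return text.toString();
    }

    static void tryParse(String label, SAXParserFactory factory) {
        try {
            String out = parseText(factory, XXE_SAMPLE).trim();
            System.out.println(label + ": parsed, content = \"" + out + "\"");
        } catch (SAXException e) {
            // Hardened factory: the DOCTYPE itself is rejected before an entity can be declared.
            System.out.println(label + ": rejected by parser -> " + e.getMessage());
        } catch (IOException | ParserConfigurationException e) {
            // Unhardened factory on a host without the referenced file: the parser tried to
            // open it, which is the observable XXE side effect even when nothing is returned.
            System.out.println(label + ": failed while resolving -> " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        tryParse("unhardened", unhardenedFactory());
        try {
            tryParse("patched (FSP only)", patchedFactory());
        } catch (ParserConfigurationException | SAXException e) {
            System.out.println("patched (FSP only): factory setup failed -> " + e.getMessage());
        }
        try {
            tryParse("hardened", hardenedFactory());
        } catch (ParserConfigurationException | SAXException e) {
            System.out.println("hardened: factory setup failed -> " + e.getMessage());
        }
    }
}
```

Run it with `java XxeSaxDemo.java` on JDK 11 or later. With the unhardened factory the parser either returns the referenced file's contents or fails while trying to open it; either outcome shows the entity was resolved. The FSP-only case is printed without a predicted result because whether it blocks the external entity depends on which JAXP implementation is on the classpath; the hardened factory rejects the document at the DOCTYPE regardless of implementation, which is the behaviour to look for when confirming a fix in a deployment.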

Vulnerable functions


WAF Protection Rules

WAF Rule

The TransformXML() function makes use of a SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks.
