CVE-2017-12620
CVE-2017-12620
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 3.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
02 Oct 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
Affected products
Apache Software Foundation · Apache OpenNLPWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →