CVE-2026-40682
- EPSS 0.11%
- Published 04.05.2026 16:55:55
- Last modified 06.05.2026 18:00:49
XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at clas...
CVE-2026-42027
- EPSS 0.47%
- Published 04.05.2026 16:43:12
- Last modified 06.05.2026 18:00:39
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qua...
CVE-2026-42440
- EPSS 0.19%
- Published 04.05.2026 16:40:32
- Last modified 06.05.2026 18:09:43
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() ...
CVE-2017-12620
- EPSS 1.02%
- Published 03.10.2017 01:29:01
- Last modified 13.05.2026 00:24:29
When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6....