Header Manipulation #1222

QiAnXinCodeSafe · 2021-11-26T09:00:27Z

CoreNLP/src/edu/stanford/nlp/ie/ner/webapp/NERServlet.java

Lines 152 to 159 in d147ba5

    
           String classifier = request.getParameter("classifier"); 
        
           if (classifier == null || classifier.trim().isEmpty()) { 
        
             classifier = this.defaultClassifier; 
        
           } 
        
           response.addHeader("classifier", classifier); 
        
           response.addHeader("outputFormat", outputFormat); 
        
           response.addHeader("preserveSpacing", String.valueOf(preserveSpacing));

We found 'classifier' may be contaminated on line 152 of NERServlet.java.java.Including unvalidated data in an HTTP response header can enable cache-poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect..It will affect on line 157 of NERServlet.java.Lines 158 and 159 have similar problems.

…d values before returning them in headers. Should sanitize malicious output

AngledLuffa added a commit that referenced this issue Nov 26, 2021

Address issue #1222: verify that classifier and outputFormat are vali…

5ee097d

…d values before returning them in headers. Should sanitize malicious output

AngledLuffa added the fixed on dev label Nov 26, 2021

AngledLuffa closed this as completed Jan 21, 2022

manning added fixed Fixed in released CoreNLP version and removed fixed on dev labels Feb 24, 2022

This was referenced Apr 18, 2022

CVE-2021-44550 (High) detected in stanford-corenlp-3.9.2.jar, stanford-corenlp-3.9.2.jar - autoclosed Gal-Doron/spring-bot#18

Closed

CVE-2021-44550 (High) detected in stanford-corenlp-3.9.2.jar, stanford-corenlp-3.9.2.jar finos/spring-bot#329

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Header Manipulation #1222

Header Manipulation #1222

QiAnXinCodeSafe commented Nov 26, 2021

Header Manipulation #1222

Header Manipulation #1222

Comments

QiAnXinCodeSafe commented Nov 26, 2021