CVE-2022-0198: Fix SAXParser security issue · stanfordnlp/CoreNLP@1f52136
CoreNLP is vulnerable to Improper Restriction of XML External Entity Reference (XXE).
@@ -5,6 +5,7 @@
import java.io.*;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -195,6 +196,8 @@ public void processText(String text) {
public TransformXML() {
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
saxParser = SAXParserFactory.newInstance().newSAXParser();
} catch (Exception e) {
log.info("Error configuring XML parser: " + e);
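Review bot: The parser on the line after `spf.setFeature(...)` is still built from a second `SAXParserFactory.newInstance()`, so the factory that received `FEATURE_SECURE_PROCESSING` is discarded and `saxParser` comes from an unconfigured one; as shown in this hunk it should read `saxParser = spf.newSAXParser();`. Secure processing on its own mainly imposes resource limits and, depending on the JAXP implementation, does not guarantee that DOCTYPE declarations and external entities are refused, so for an XXE fix I would also add `spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before creating the parser, provided the inputs never need a DOCTYPE (that cannot be judged from these lines). A short comment above the factory setup, such as `// Harden against XXE: the parser must be created from this configured factory`, would keep the two from drifting apart again. The constructor's catch block continues past the end of the hunk, so how the configuration failure is ultimately handled is not visible here.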