
Header Manipulation #1222

Closed
@QiAnXinCodeSafe

Description


String classifier = request.getParameter("classifier");
if (classifier == null || classifier.trim().isEmpty()) {
    classifier = this.defaultClassifier;
}
response.addHeader("classifier", classifier);
response.addHeader("outputFormat", outputFormat);
response.addHeader("preserveSpacing", String.valueOf(preserveSpacing));

We found 'classifier' may be contaminated on line 152 of NERServlet.java. Including unvalidated data in an HTTP response header can enable cache poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect. It will affect line 157 of NERServlet.java. Lines 158 and 159 have similar problems.
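The reported sink is `response.addHeader("classifier", classifier)`, where `classifier` comes straight from the request parameter with only a null/empty fallback. The example below is an added illustration, not CoreNLP's code and not the fix that was actually committed: it shows the two checks a reviewer would ask for before a request parameter is reflected into a response header. First, reject anything outside printable ASCII, which rules out the CR/LF that header injection (and the cache-poisoning and cookie-manipulation variants the report lists) depends on. Second, compare the value against an allow-list of classifier names and fall back to the default for anything unknown, so an attacker-controlled string is never echoed at all. The classifier names in `KNOWN_CLASSIFIERS` are placeholders, not CoreNLP's real model names, and `SafeHeaderExample` and its methods are hypothetical names.

```java
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Added example (not CoreNLP code): validate a request parameter before
 * echoing it as a response header, mirroring the null/empty fallback from
 * the NERServlet snippet but refusing to reflect unknown or malformed input.
 */
public class SafeHeaderExample {

    // Hypothetical allow-list; CoreNLP's actual classifier names are not assumed here.
    private static final Set<String> KNOWN_CLASSIFIERS = Set.of("english", "chinese", "german");

    // Printable ASCII only. This excludes CR (0x0D), LF (0x0A), NUL and every other
    // control character, which is exactly what splitting a header line requires.
    private static final Pattern SAFE_HEADER_VALUE = Pattern.compile("^[\\x20-\\x7E]*$");

    /** True only if the value contains no control characters or non-ASCII bytes. */
    public static boolean isSafeHeaderValue(String value) {
        return value != null && SAFE_HEADER_VALUE.matcher(value).matches();
    }

    /**
     * Same fallback logic as the issue snippet, plus validation: a parameter that is
     * absent, blank, malformed, or not a known classifier yields the default instead
     * of being reflected to the client.
     */
    public static String chooseClassifier(String param, String defaultClassifier) {
        if (param == null || param.trim().isEmpty()) {
            return defaultClassifier;
        }
        String candidate = param.trim();
        if (!isSafeHeaderValue(candidate) || !KNOWN_CLASSIFIERS.contains(candidate)) {
            // Attacker-controlled or unexpected value: do not echo it, and do not
            // "sanitize" it into something that still looks attacker-chosen.
            return defaultClassifier;
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a header-splitting attempt, a valid name, and a junk value.
        String injected = "english\r\nSet-Cookie: session=attacker";
        System.out.println("injected value passes check: " + isSafeHeaderValue(injected));
        System.out.println("classifier for injected value: " + chooseClassifier(injected, "english"));
        System.out.println("classifier for 'german': " + chooseClassifier("german", "english"));
        System.out.println("classifier for '../etc/passwd': " + chooseClassifier("../etc/passwd", "english"));
    }
}
```

Two notes on the design. Many current servlet containers already refuse CR/LF in values passed to `addHeader`, so the raw splitting attack may fail at the container layer, but relying on that leaves the application reflecting arbitrary strings to any client and any cache in between; the allow-list is what actually closes the finding. If the set of classifiers is not fixed, the same shape works with a lookup against whatever registry the servlet already uses to resolve the classifier, with the validated name (not the raw parameter) used for both the lookup and the header.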

Labels

fixed (Fixed in released CoreNLP version)