Apache · Apache OpenNLP · CVE-2017-12620
**Name of the Vulnerable Software and Affected Versions**
Apache OpenNLP versions 1.5.0 through 1.5.3
Apache OpenNLP version 1.6.0
Apache OpenNLP versions 1.7.0 through 1.7.2
Apache OpenNLP versions 1.8.0 through 1.8.1
**Description**
The issue allows an XML external entity (XXE) attack when loading models or dictionaries that contain XML. It specifically affects applications that load these resources from untrusted sources.
**Recommendations**
For Apache OpenNLP versions 1.5.0 through 1.5.3, update to a version outside of this range to resolve the issue.
For Apache OpenNLP version 1.6.0, update to a version outside of this range to resolve the issue.
For Apache OpenNLP versions 1.7.0 through 1.7.2, update to a version outside of this range to resolve the issue.
For Apache OpenNLP versions 1.8.0 through 1.8.1, update to a version outside of this range to resolve the issue.