CVE-2021-44557

Name of the Vulnerable Software and Affected Versions: National Library of the Netherlands multiNER version <= c0440948057afc6e3d6b4903a7c05e666b94a3bc

Description: The issue is related to an XML External Entity (XXE) vulnerability in the multiNER/ner.py file. This vulnerability can be exploited by a malicious XML stream, potentially leading to the leakage of internal files or causing a Denial of Service (DoS).

Recommendations: For National Library of the Netherlands multiNER version <= c0440948057afc6e3d6b4903a7c05e666b94a3bc, consider disabling the XML parsing functionality in the ner.py file as a temporary workaround to prevent exploitation. Restrict access to the multiNER/ner.py file to minimize the risk of internal file leakage or DoS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.