CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

27 Jun 2024 — NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. • https://github.com/nltk/nltk/issues/2522 • CWE-300: Channel Accessible by Non-Endpoint • CWE-502: Deserialization of Untrusted Data

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

04 Jan 2022 — nltk is vulnerable to Inefficient Regular Expression Complexity. It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a denial of service. • https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 3

23 Dec 2021 — NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable func... • https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Sep 2021 — nltk is vulnerable to Inefficient Regular Expression Complexity. • https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 • CWE-697: Incorrect Comparison • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 7.5 • EPSS: 16% • CPEs: 1 • EXPL: 2

20 Aug 2019 — NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. Mike Salvatore discov... • https://github.com/mssalvatore/CVE-2019-14751_PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')