CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

04 Jan 2022 — nltk is vulnerable to Inefficient Regular Expression Complexity. It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a denial of service. • https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 3

23 Dec 2021 — NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable func... • https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Sep 2021 — nltk is vulnerable to Inefficient Regular Expression Complexity. • https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 • CWE-697: Incorrect Comparison • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.5 • EPSS: 16% • CPEs: 1 • EXPL: 2

20 Aug 2019 — NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. Mike Salvatore discov... • https://github.com/mssalvatore/CVE-2019-14751_PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •