4 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

nltk is vulnerable to Inefficient Regular Expression Complexity nltk es vulnerable a una Complejidad de Expresión Regular Ineficiente • https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. • https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 https://github.com/nltk/nltk/issues/2866 https://github.com/nltk/nltk/pull/2869 https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

nltk is vulnerable to Inefficient Regular Expression Complexity nltk es vulnerable a una Complejidad de Expresión Regular Ineficiente • https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32 • CWE-697: Incorrect Comparison CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. NLTK Downloader versiones anteriores a 3.4.5, es vulnerable a un salto de directorio, lo que permite a atacantes escribir archivos arbitrarios por medio de un ../ (punto punto barra diagonal) en un paquete NLTK (archivo ZIP) que es manejado inapropiadamente durante la extracción. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00001.html https://github.com/mssalvatore/CVE-2019-14751_PoC https://github.com/nltk/nltk/blob/3.4.5/ChangeLog https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI4IJGLZQ5S7C5LNRNROHAO2P526XE3D https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •