CVE-2024-39705
- EPSS 8.25%
- Veröffentlicht 27.06.2024 22:15:10
- Zuletzt bearbeitet 21.11.2024 09:28:15
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
CVE-2021-3842
- EPSS 0.41%
- Veröffentlicht 04.01.2022 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:22:36
nltk is vulnerable to Inefficient Regular Expression Complexity
- EPSS 0.84%
- Veröffentlicht 23.12.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:56
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReD...
CVE-2021-3828
- EPSS 0.43%
- Veröffentlicht 27.09.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:22:33
nltk is vulnerable to Inefficient Regular Expression Complexity
CVE-2019-14751
- EPSS 3.22%
- Veröffentlicht 22.08.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:16
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.