Published: 29 Sep 2021
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
NLTK Vulnerable to ReDoS
The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to supply input to the [_read_comparison_block()](https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file nltk/corpus/reader/comparative_sents.py may cause an application to consume an excessive amount of CPU.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-3828
- https://github.com/nltk/nltk/pull/2816
- https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
- https://github.com/advisories/GHSA-2ww3-fxvq-293j
- https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2021-356.yaml
- https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32
Packages
Name: nltk
Ecosystem: pip
Affected versions: < 3.6.4
Fixed version: 3.6.4
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 4 years ago
nltk is vulnerable to Inefficient Regular Expression Complexity
CVSS3: 7.5
nvd
more than 4 years ago
nltk is vulnerable to Inefficient Regular Expression Complexity
CVSS3: 7.5
debian
more than 4 years ago
nltk is vulnerable to Inefficient Regular Expression Complexity