Description
NLTK unsafe deserialization vulnerability
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-39705
- https://github.com/nltk/nltk/issues/2522
- https://github.com/nltk/nltk/issues/3266
- https://github.com/nltk/nltk/commit/441aecb7d33014bd08672232c6c8bb69c2ceaba2
- https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2024-167.yaml
- https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706
Packages
nltk: affected versions < 3.9; fixed in 3.9
EPSS
7.5 High
CVSS4
7.5 High
CVSS3
CVE ID
Weaknesses