Описание
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.2.5-1ubuntu0.1 |
| devel | not-affected | 3.4.5-1 |
| disco | released | 3.4-1ubuntu0.1 |
| esm-apps/bionic | released | 3.2.5-1ubuntu0.1 |
| esm-apps/xenial | released | 3.1-1ubuntu0.1 |
| esm-infra-legacy/trusty | released | 2.0~b9-0ubuntu4.1~esm2 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | released | 2.0~b9-0ubuntu4.1~esm2 |
| upstream | released | 3.4.5 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...
Уязвимость функции _unzip_iter() загрузчика пакета библиотек для символьной и статистической обработки естественного языка NLTK, позволяющая нарушителю записывать произвольные файлы
EPSS
5 Medium
CVSS2
7.5 High
CVSS3