Lucene search
GoogleOSV:GHSA-CGVX-9447-VCCHHistoryJun 28, 2024 - 12:33 a.m.
ntlk unsafe deserialization vulnerability
2024-06-2800:33:31
Google
osv.dev
12
nltk
remote code execution
vulnerability
pickled python code
data package download
averaged_perceptron_tagger
punkt
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0
Percentile
16.3%
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
Related
nvd
nvd
CVE-2024-39705
2024-06-27 22:15:10
ubuntucve
ubuntucve
CVE-2024-39705
2024-06-27 00:00:00
vulnrichment
vulnrichment
CVE-2024-39705
2024-06-27 00:00:00
osv
osv
Security update for python-nltk
2024-07-26 10:32:35
CGA-whw8-5gwm-mw58
2024-09-25 05:37:04
CVE-2024-39705
2024-06-27 22:15:10
veracode
veracode
Remote Code Execution
2024-06-28 12:31:56
cve
cve
CVE-2024-39705
2024-06-27 22:15:10
nessus
nessus
openSUSE 15 Security Update : python-nltk (openSUSE-SU-2024:0222-1)
2024-07-27 00:00:00
github
github
ntlk unsafe deserialization vulnerability
2024-06-28 00:33:31
debiancve
debiancve
CVE-2024-39705
2024-06-27 22:15:10
cvelist
cvelist
CVE-2024-39705
2024-06-27 00:00:00
wolfi
wolfi
CVE-2024-39705 vulnerabilities
2024-09-30 03:53:08
ibm
ibm
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
Low
EPSS
0
Percentile
16.3%
Related for OSV:GHSA-CGVX-9447-VCCH