Lucene search

GoogleOSV:GHSA-MR7P-25V2-35WR

HistoryAug 23, 2019 - 9:53 p.m.

NLTK Vulnerable To Path Traversal

2019-08-2321:53:51

Google

osv.dev

0.006 Low

EPSS

Percentile

78.9%

JSON

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

CPENameOperatorVersion
nltkeq2.0.2
nltkeq0.9.9
nltkeq3.2
nltkeq3.2.2
nltkeq3.2.4
nltkeq3.4.2
nltkeq2.0.4
nltkeq3.0.0b2
nltkeq0.9.5
nltkeq2.0b5

Name	Operator	Version
nltk	eq	2.0.2
nltk	eq	0.9.9
nltk	eq	3.2
nltk	eq	3.2.2
nltk	eq	3.2.4
nltk	eq	3.4.2
nltk	eq	2.0.4
nltk	eq	3.0.0b2
nltk	eq	0.9.5
nltk	eq	2.0b5

Rows per page:

1-10 of 451

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00054.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00001.html

github.com/mssalvatore/CVE-2019-14751_PoC

github.com/nltk/nltk/blob/3.4.5/ChangeLog

github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10

lists.fedoraproject.org/archives/list/[email protected]/message/QI4IJGLZQ5S7C5LNRNROHAO2P526XE3D

lists.fedoraproject.org/archives/list/[email protected]/message/ZGZSSEJH7RHH3RBUEVWWYT75QU67J7SE

nvd.nist.gov/vuln/detail/CVE-2019-14751

salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for OSV:GHSA-MR7P-25V2-35WR