8 matches found
π NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution
nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including pathtojar, pathtomodel, pathtodict, and javaclass, and passe...
SUSE CVE-2026-0848
NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
PYSEC-2026-99
NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
DEBIAN-CVE-2026-0848
NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
PYSEC-2026-99
NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
CVE-2026-0848
NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...
CVE-2026-0848
NLTK versions β€3.9.2 are vulnerable due to the StanfordSegmenter loading external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR, enabling arbitrary Java bytecode execution at import time via unvalidated classpath input. Potential attack vectors incl...
PT-2026-23514
Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.2 and earlier Description The software contains a flaw due to improper input validation in the StanfordSegmenter module, potentially leading to arbitrary code execution. The module dynamically loads external Java .jar files...