NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during...
CVSS 7.5 | AI Score 7.3 | EPSS 0.006
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
CVSS 7.5 | AI Score 7.4 | EPSS 0.003
CVSS 7.5 | AI Score 7.2 | EPSS 0.001