nltk@3.5 vulnerabilities

Natural Language Toolkit

latest version

3.8.1
latest non vulnerable version

3.8.1
first published

15 years ago
latest version published

a year ago
licenses detected
- Apache-2.0
  [2.0b4,)
View nltk package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the nltk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Remote Code Execution (RCE) nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing. Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the local `WordNet` browser. When a user opens a malicious link while the WordNet browser is active, it can result in the exploitation of this vulnerability on their system. How to fix Remote Code Execution (RCE)? Upgrade `nltk` to version 3.8.1 or higher.	[,3.8.1)
M Cross-site Scripting (XSS) nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the local `Wordnet` browser via the `MyServerHandler` class. Exploiting this vulnerability is possible by creating a maliciously crafted URL. Note: This only affects users of this browser interface to Wordnet, and not other users of Wordnet. How to fix Cross-site Scripting (XSS)? Upgrade `nltk` to version 3.8.1 or higher.	[,3.8.1)
M Regular Expression Denial of Service (ReDoS) nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `RegexpTagger` method. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `nltk` to version 3.6.6 or higher.	[0,3.6.6)
H Regular Expression Denial of Service (ReDoS) nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via `word_tokenize()` in `nltk/tokenize/punkt.py`. PoC `from nltk.tokenize import word_tokenize import nltk nltk.download('punkt') import time for length in [10002n for n in range(1000)]: text = "a" length start_t = time.time() word_tokenize(text) print(f"payload length: {length} takes {time.time()-start_t}s")` How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `nltk` to version 3.6.6 or higher.	[0,3.6.6)
M Regular Expression Denial of Service (ReDoS) nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `CorpusReader` for the Comparative Sentences Dataset. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `nltk` to version 3.6.4 or higher.	[,3.6.4)
M Regular Expression Denial of Service (ReDoS) nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). `_XML_TAG_NAME` regex operator is vulnerable mainly due to the sub-pattern `\s/?\s` and can be exploited with an input such as `"<"+" " * 5000` How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `nltk` to version 3.6 or higher.	[0,3.6)

Go back to all versions of this package

nltk@3.5 vulnerabilities

Natural Language Toolkit

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

PoC