PyPi: Nltk

CVE-2024-39705

Safety vulnerability ID: 72089

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 27, 2024 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of NLTK are vulnerable to Remote Code Execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

Affected package

nltk

Latest version: 3.9.1

Natural Language Toolkit

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-cgvx-9447-vcch
https://github.com/nltk/nltk/issues/2522
https://github.com/nltk/nltk/issues/3266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39705
https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706
https://github.com/nltk/nltk/issues/3301

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application