nltk@2.0b5 vulnerabilities

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) through the integrated data package download functionality. An attacker with control over the NLTK data index can execute arbitrary code by supplying pickled Python code within untrusted packages and trick a user into loading the malicious pickle.

Some packages found to be vulnerable if compromised are averaged_perceptron_tagger, punkt, maxent_ne_chunker, help/tagsets, and maxent_treebank_pos_tagger.

Upgrade nltk to version 3.8.2 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the local WordNet browser. When a user opens a malicious link while the WordNet browser is active, it can result in the exploitation of this vulnerability on their system.

Upgrade nltk to version 3.8.1 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the local Wordnet browser via the MyServerHandler class. Exploiting this vulnerability is possible by creating a maliciously crafted URL.

Note: This only affects users of this browser interface to Wordnet, and not other users of Wordnet.

Upgrade nltk to version 3.8.1 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the RegexpTagger method.

Upgrade nltk to version 3.6.6 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via word_tokenize() in nltk/tokenize/punkt.py.

PoC

from nltk.tokenize import word_tokenize
import nltk
nltk.download('punkt')
import time

for length in [1000*2**n for n in range(1000)]:
    text = "a" * length
    start_t = time.time()
    word_tokenize(text)
    print(f"payload length: {length} takes {time.time()-start_t}s")

Upgrade nltk to version 3.6.6 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the CorpusReader for the Comparative Sentences Dataset.

Upgrade nltk to version 3.6.4 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). _XML_TAG_NAME regex operator is vulnerable mainly due to the sub-pattern \s*/?\s* and can be exploited with an input such as "<"+" " * 5000

Upgrade nltk to version 3.6 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). It allows attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

Upgrade nltk to version 3.4.5 or higher.