nltk@3.7 vulnerabilities

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) through the integrated data package download functionality. An attacker with control over the NLTK data index can execute arbitrary code by supplying pickled Python code within untrusted packages and trick a user into loading the malicious pickle.

Some packages found to be vulnerable if compromised are averaged_perceptron_tagger, punkt, maxent_ne_chunker, help/tagsets, and maxent_treebank_pos_tagger.

Upgrade nltk to version 3.8.2 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) in the local WordNet browser. When a user opens a malicious link while the WordNet browser is active, it can result in the exploitation of this vulnerability on their system.

Upgrade nltk to version 3.8.1 or higher.

nltk is a Natural Language Toolkit (NLTK) is a Python package for natural language processing.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the local Wordnet browser via the MyServerHandler class. Exploiting this vulnerability is possible by creating a maliciously crafted URL.

Note: This only affects users of this browser interface to Wordnet, and not other users of Wordnet.

Upgrade nltk to version 3.8.1 or higher.