Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1ycWpoLWpwMnItNTljas0g2g

High CVSS: 8.7 EPSS: 0.00532% (0.66402 Percentile) EPSS:
Permalink JSON

NLTK Vulnerable to REDoS

Affected Packages Affected Versions Fixed Versions
pypi:nltk < 3.6.6 3.6.6
1,440 Dependent packages
57,572 Dependent repositories
33,560,963 Downloads last month

Affected Version Ranges

All affected versions

0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5

All unaffected versions

3.6.6, 3.6.7, 3.8.1, 3.8.2, 3.9.1

NLTK is vulnerable to REDoS in some RegexpTaggers used in the functions get_pos_tagger and malt_regex_tagger.

References:

Identifiers

GHSA-rqjh-jp2r-59cj

CVE-2021-3842

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00532

EPSS Percentile: 0.66402

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/nltk/nltk

Date and time

Published

over 3 years ago

Updated

10 months ago

API

JSON