PYSEC-2024-167
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/nltk/PYSEC-2024-167.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2024-167
- Aliases
- Published
- 2024-06-27T22:15:10Z
- Modified
- 2025-01-18T19:59:29.222533Z
- Summary
- [none]
- Details
-
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt.
- References
Affected packages
PyPI / nltk
Package
- Name
- nltk
- View open source insights on deps.dev
- Purl
- pkg:pypi/nltk
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.9
Affected versions
2.*
2.0.1rc2-git
2.0b4
2.0b5
2.0b6
2.0b7
2.0b8
2.0b9
2.0.1rc1
2.0.1rc3
2.0.1rc4
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
0.*
0.8
0.9
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
3.*
3.0.0b1
3.0.0b2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1
3.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.3
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5b1
3.5
3.6
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.7
3.8
3.8.1
3.9b1