Closed kangaroooh closed 5 years ago
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
See https://nvd.nist.gov/vuln/detail/CVE-2019-14751.
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
See https://nvd.nist.gov/vuln/detail/CVE-2019-14751.