Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Inefficient Regular Expression Complexity in nltk
Vulnerability Description
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Natural Language Toolkit 资源管理错误漏洞
Vulnerability Description
Natural Language Toolkit(NLTK)是一款使用Python语言编写的自然语言处理工具包。 Natural Language Toolkit(NLTK) 3.6.5之前版本存在资源管理错误漏洞,该漏洞源于软件对于正则表达式的处理缺少过滤和转义,软件容易受到正则表达式拒绝服务(regular expression denial of service, ReDoS)攻击。该漏洞存在于PunktSentenceTokenizer、sent tokenize和word tokenize中。该
CVSS Information
N/A
Vulnerability Type
N/A