Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
Vulnerability Description
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.
CVSS Information
N/A
Vulnerability Type
绝对路径遍历
Vulnerability Title
NLTK 安全漏洞
Vulnerability Description
NLTK是NLTK开源的一个自然语言工具包。用于支持自然语言处理的研究和开发。 NLTK 3.9.2版本存在安全漏洞,该漏洞源于nltk.util模块的filestring函数对输入路径验证不当,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A