Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Vulnerability Description
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple `GET /SHUTDOWN%20THE%20SERVER` request causes the process to terminate immediately via `os._exit(0)`, resulting in a denial of service. Commit bbaae83db86a0f49e00f5b0db44a7254c268de9b patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
NLTK 访问控制错误漏洞
Vulnerability Description
NLTK是NLTK开源的一个自然语言工具包。用于支持自然语言处理的研究和开发。 NLTK 3.9.3及之前版本存在访问控制错误漏洞,该漏洞源于nltk.app.wordnet_app允许未经身份验证的远程关闭本地WordNet Browser HTTP服务器,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A