HIGH 7.5 PyPI
NLTK Vulnerable to REDoS
GHSA-2ww3-fxvq-293j · CVE-2021-3828 · PYSEC-2021-356
Description
The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to supply input to the [_read_comparison_block()](https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file nltk/corpus/reader/comparative_sents.py may cause an application to consume an excessive amount of CPU.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3828
- WEB https://github.com/nltk/nltk/pull/2816
- WEB https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
- ADVISORY https://github.com/advisories/GHSA-2ww3-fxvq-293j
- PACKAGE https://github.com/nltk/nltk
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2021-356.yaml
- WEB https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32