CVE-2019-14751

Published: Aug 22, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/nltk/nltk/blob/3.4.5/ChangeLog

x_refsource_CONFIRM

https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10

x_refsource_CONFIRM

https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/

x_refsource_MISC

https://github.com/mssalvatore/CVE-2019-14751_PoC

x_refsource_MISC

FEDORA-2020-1b90085f8d

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-0f785235bb

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:0436

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:0440

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-14751

Description

Affected Products

References