Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-14751

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-14751
  • Nltk » Nltk » Version: 2.0.1
    cpe:2.3:a:nltk:nltk:2.0.1
  • Nltk » Nltk » Version: 2.0.3
    cpe:2.3:a:nltk:nltk:2.0.3
  • Nltk » Nltk » Version: 2.0.4
    cpe:2.3:a:nltk:nltk:2.0.4
  • Nltk » Nltk » Version: 3.0.0
    cpe:2.3:a:nltk:nltk:3.0.0
  • Nltk » Nltk » Version: 3.0.1
    cpe:2.3:a:nltk:nltk:3.0.1
  • Nltk » Nltk » Version: 3.0.2
    cpe:2.3:a:nltk:nltk:3.0.2
  • Nltk » Nltk » Version: 3.0.3
    cpe:2.3:a:nltk:nltk:3.0.3
  • Nltk » Nltk » Version: 3.0.4
    cpe:2.3:a:nltk:nltk:3.0.4
  • Nltk » Nltk » Version: 3.0.5
    cpe:2.3:a:nltk:nltk:3.0.5
  • Nltk » Nltk » Version: 3.1
    cpe:2.3:a:nltk:nltk:3.1
  • Nltk » Nltk » Version: 3.2
    cpe:2.3:a:nltk:nltk:3.2
  • Nltk » Nltk » Version: 3.2.1
    cpe:2.3:a:nltk:nltk:3.2.1
  • Nltk » Nltk » Version: 3.2.2
    cpe:2.3:a:nltk:nltk:3.2.2
  • Nltk » Nltk » Version: 3.2.3
    cpe:2.3:a:nltk:nltk:3.2.3
  • Nltk » Nltk » Version: 3.2.4
    cpe:2.3:a:nltk:nltk:3.2.4
  • Nltk » Nltk » Version: 3.2.5
    cpe:2.3:a:nltk:nltk:3.2.5
  • Nltk » Nltk » Version: 3.3
    cpe:2.3:a:nltk:nltk:3.3
  • Nltk » Nltk » Version: 3.4
    cpe:2.3:a:nltk:nltk:3.4
  • Nltk » Nltk » Version: 3.4.1
    cpe:2.3:a:nltk:nltk:3.4.1
  • Nltk » Nltk » Version: 3.4.3
    cpe:2.3:a:nltk:nltk:3.4.3
  • Nltk » Nltk » Version: 3.4.4
    cpe:2.3:a:nltk:nltk:3.4.4


Products
Pricing
Contact Us

Shodan ® - All rights reserved