CGA-whw8-5gwm-mw58

Published

Last updated

https://images.chainguard.dev/security/CGA-whw8-5gwm-mw58

Package

py3-nltk

Latest Update

Fixed

Fixed Version

3.8.2-r0

Aliases

CVE-2024-39705
GHSA-cgvx-9447-vcch

Severity

7.5

High

CVSS V3

Summary

ntlk unsafe deserialization vulnerability

Description

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-39705
https://github.com/advisories/GHSA-cgvx-9447-vcch
https://github.com/nltk/nltk/issues/2522
https://github.com/nltk/nltk/issues/3266
https://github.com/nltk/nltk/commit/441aecb7d33014bd08672232c6c8bb69c2ceaba2
https://github.com/nltk/nltk
https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-whw8-5gwm-mw58

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources