CVE-2024-39705

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-39705

Severity

9.8

Critical

CVSS V3

Description

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

References

https://images.chainguard.dev/security/CGA-4rpm-rh56-9fq5
https://github.com/advisories/GHSA-cgvx-9447-vcch
https://images.chainguard.dev/security/CGA-68x6-xrv8-8xhw
https://images.chainguard.dev/security/CGA-whw8-5gwm-mw58
https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706
https://github.com/nltk/nltk/issues/2522
https://github.com/nltk/nltk/issues/3266

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-39705

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company