EPSS: 0.001 (Low), Percentile: 45.7%
nltk is vulnerable to regular expression denial of service (ReDoS). An attacker can crash the application by providing malicious input to the _read_comparison_block function in comparative_sents.py.
github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
github.com/nltk/nltk/pull/2816
huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32