nltk is vulnerable to regular expression denial of service. The vulnerability exists due to the inefficient regex pattern used in malt_regex_tagger
function of malt.py
and get_pos_tagger
function of glue.py
, allowing an attacker to cause an application crash by providing malicious payload against RegexpTagger
.