AI Score
Confidence: Low

EPSS
Percentile: 16.3%

SSVC
Exploitation: none
Automatable: yes
Technical Impact: total

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

[
  {
    "cpes": [
      "cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nltk",
    "product": "nltk",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "3.8.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]