NLTK Vulnerable to REDoS
High severity
GitHub Reviewed
Published Sep 29, 2021 to the GitHub Advisory Database • Updated Sep 7, 2023
Description
Published by the National Vulnerability Database: Sep 27, 2021
Reviewed: Sep 28, 2021
The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide input to the _read_comparison_block() function in the file nltk/corpus/reader/comparative_sents.py may cause an application to consume an excessive amount of CPU.

References