CVE-2021-3828 (GCVE-0-2021-3828)
Vulnerability from cvelistv5 – Published: 2021-09-27 12:25 – Updated: 2024-08-03 17:09
VLAI
EPSS
Title
Inefficient Regular Expression Complexity in nltk/nltk
Summary
nltk is vulnerable to Inefficient Regular Expression Complexity
Severity
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d19aed43-75bc-4a03-91a… | x_refsource_CONFIRM |
| https://github.com/nltk/nltk/commit/277711ab1dec7… | x_refsource_MISC |
Impacted products
Credits
Srikanth Prathi (@srikanthprathi)
Tom Aarsen (@tomaarsen)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nltk/nltk",
"vendor": "nltk",
"versions": [
{
"lessThanOrEqual": "3.6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Srikanth Prathi (@srikanthprathi)"
},
{
"lang": "en",
"value": "Tom Aarsen (@tomaarsen)"
}
],
"descriptions": [
{
"lang": "en",
"value": "nltk is vulnerable to Inefficient Regular Expression Complexity"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T12:25:29.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
}
],
"source": {
"advisory": "d19aed43-75bc-4a03-91a0-4d0bb516bc32",
"discovery": "EXTERNAL"
},
"title": "Inefficient Regular Expression Complexity in nltk/nltk",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3828",
"STATE": "PUBLIC",
"TITLE": "Inefficient Regular Expression Complexity in nltk/nltk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nltk/nltk",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.6.3"
}
]
}
}
]
},
"vendor_name": "nltk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Srikanth Prathi (@srikanthprathi)"
},
{
"lang": "eng",
"value": "Tom Aarsen (@tomaarsen)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nltk is vulnerable to Inefficient Regular Expression Complexity"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"name": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6",
"refsource": "MISC",
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
}
]
},
"source": {
"advisory": "d19aed43-75bc-4a03-91a0-4d0bb516bc32",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3828",
"datePublished": "2021-09-27T12:25:30.000Z",
"dateReserved": "2021-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-3828",
"date": "2026-06-06",
"epss": "0.00433",
"percentile": "0.63112"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3828\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2021-09-27T13:15:07.993\",\"lastModified\":\"2024-11-21T06:22:33.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"nltk is vulnerable to Inefficient Regular Expression Complexity\"},{\"lang\":\"es\",\"value\":\"nltk es vulnerable a una Complejidad de Expresi\u00f3n Regular Ineficiente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege
\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.6.3\",\"matchCriteriaId\":\"18A51778-0184-4262-A014-08D077E6BE93\"}]}]}],\"references\":[{\"url\":\"https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2021-3828
Vulnerability from fkie_nvd - Published: 2021-09-27 13:15 - Updated: 2024-11-21 06:22
Severity
Summary
nltk is vulnerable to Inefficient Regular Expression Complexity
References
| Source | URL | Tags |
|---|---|---|
| security@huntr.dev | https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 | Patch, Third Party Advisory |
| security@huntr.dev | https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32 | Exploit, Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32 | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18A51778-0184-4262-A014-08D077E6BE93",
"versionEndIncluding": "3.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nltk is vulnerable to Inefficient Regular Expression Complexity"
},
{
"lang": "es",
"value": "nltk es vulnerable a una Complejidad de Expresi\u00f3n Regular Ineficiente"
}
],
"id": "CVE-2021-3828",
"lastModified": "2024-11-21T06:22:33.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-27T13:15:07.993",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-2WW3-FXVQ-293J
Vulnerability from github – Published: 2021-09-29 17:14 – Updated: 2024-10-07 15:09
VLAI
Summary
NLTK Vulnerable to REDoS
Details
The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide input to the [`_read_comparison_block()`](https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file `nltk/corpus/reader/comparative_sents.py` may cause an application to consume an excessive amount of CPU.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nltk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3828"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-28T20:49:37Z",
"nvd_published_at": "2021-09-27T13:15:00Z",
"severity": "HIGH"
},
"details": "The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide as an input to the [`_read_comparison_block()`(https://github.com/nltk/nltk/blob/23f4b1c4b4006b0cb3ec278e801029557cec4e82/nltk/corpus/reader/comparative_sents.py#L259) function in the file `nltk/corpus/reader/comparative_sents.py` may cause an application to consume an excessive amount of CPU.",
"id": "GHSA-2ww3-fxvq-293j",
"modified": "2024-10-07T15:09:21Z",
"published": "2021-09-29T17:14:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3828"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/pull/2816"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2ww3-fxvq-293j"
},
{
"type": "PACKAGE",
"url": "https://github.com/nltk/nltk"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2021-356.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "NLTK Vulnerable to REDoS"
}
GSD-2021-3828
Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
nltk is vulnerable to Inefficient Regular Expression Complexity
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3828",
"description": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"id": "GSD-2021-3828",
"references": [
"https://www.suse.com/security/cve/CVE-2021-3828.html",
"https://security.archlinux.org/CVE-2021-3828",
"https://ubuntu.com/security/CVE-2021-3828"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3828"
],
"details": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"id": "GSD-2021-3828",
"modified": "2023-12-13T01:23:35.020882Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3828",
"STATE": "PUBLIC",
"TITLE": "Inefficient Regular Expression Complexity in nltk/nltk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nltk/nltk",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.6.3"
}
]
}
}
]
},
"vendor_name": "nltk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Srikanth Prathi (@srikanthprathi)"
},
{
"lang": "eng",
"value": "Tom Aarsen (@tomaarsen)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nltk is vulnerable to Inefficient Regular Expression Complexity"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"name": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6",
"refsource": "MISC",
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
}
]
},
"source": {
"advisory": "d19aed43-75bc-4a03-91a0-4d0bb516bc32",
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=3.6.3",
"affected_versions": "All versions up to 3.6.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-697",
"CWE-937"
],
"date": "2022-04-25",
"description": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"fixed_versions": [
"3.6.4"
],
"identifier": "CVE-2021-3828",
"identifiers": [
"CVE-2021-3828"
],
"not_impacted": "All versions after 3.6.3",
"package_slug": "pypi/nltk",
"pubdate": "2021-09-27",
"solution": "Upgrade to version 3.6.4 or above.",
"title": "Incorrect Comparison",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3828"
],
"uuid": "08e235c9-611b-4afd-a9eb-5b26157bb5d0"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.6.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3828"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "nltk is vulnerable to Inefficient Regular Expression Complexity"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"name": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-25T18:18Z",
"publishedDate": "2021-09-27T13:15Z"
}
}
}
OPENSUSE-SU-2022:10040-1
Vulnerability from csaf_opensuse - Published: 2022-07-03 14:01 - Updated: 2022-07-03 14:01
Summary
Security update for python-nltk
Severity
Moderate
Notes
Title of the patch: Security update for python-nltk
Description of the patch: This update for python-nltk fixes the following issues:
Update to 3.7
- Improve and update the NLTK team page on nltk.org (#2855,
#2941)
- Drop support for Python 3.6, support Python 3.10 (#2920)
- Update to 3.6.7
- Resolve IndexError in `sent_tokenize` and `word_tokenize`
(#2922)
- Update to 3.6.6
- Refactor `gensim.doctest` to work for gensim 4.0.0 and up
(#2914)
- Add Precision, Recall, F-measure, Confusion Matrix to Taggers
(#2862)
- Added warnings if .zip files exist without any corresponding
.csv files. (#2908)
- Fix `FileNotFoundError` when the `download_dir` is
a non-existing nested folder (#2910)
- Rename omw to omw-1.4 (#2907)
- Resolve ReDoS opportunity by fixing incorrectly specified
regex (#2906, boo#1191030, CVE-2021-3828).
- Support OMW 1.4 (#2899)
- Deprecate Tree get and set node methods (#2900)
- Fix broken inaugural test case (#2903)
- Use Multilingual Wordnet Data from OMW with newer Wordnet
versions (#2889)
- Keep NLTKs 'tokenize' module working with pathlib (#2896)
- Make prettyprinter to be more readable (#2893)
- Update links to the nltk book (#2895)
- Add `CITATION.cff` to nltk (#2880)
- Resolve serious ReDoS in PunktSentenceTokenizer (#2869)
- Delete old CI config files (#2881)
- Improve Tokenize documentation + add TokenizerI as superclass
for TweetTokenizer (#2878)
- Fix expected value for BLEU score doctest after changes from
#2572
- Add multi Bleu functionality and tests (#2793)
- Deprecate 'return_str' parameter in NLTKWordTokenizer and
TreebankWordTokenizer (#2883)
- Allow empty string in CFG's + more (#2888)
- Partition `tree.py` module into `tree` package + pickle fix
(#2863)
- Fix several TreebankWordTokenizer and NLTKWordTokenizer bugs
(#2877)
- Rewind Wordnet data file after each lookup (#2868)
- Correct __init__ call for SyntaxCorpusReader subclasses
(#2872)
- Documentation fixes (#2873)
- Fix Levenshtein distance for duplicated letters (#2849)
- Support alternative Wordnet versions (#2860)
- Remove hundreds of formatting warnings for nltk.org (#2859)
- Modernize `nltk.org/howto` pages (#2856)
- Fix Bleu Score smoothing function from taking log(0) (#2839)
- Update third party tools to newer versions and removing
MaltParser fixed version (#2832)
- Fix TypeError: _pretty() takes 1 positional argument but 2
were given in sem/drt.py (#2854)
- Replace `http` with `https` in most URLs (#2852)
- Update to 3.6.5
- modernised nltk.org website
- addressed LGTM.com issues
- support ZWJ sequences emoji and skin tone modifier emoji in
TweetTokenizer
- METEOR evaluation now requires pre-tokenized input
- Code linting and type hinting
- implement get_refs function for DrtLambdaExpression
- Enable automated CoreNLP, Senna, Prover9/Mace4, Megam,
MaltParser CI tests
- specify minimum regex version that supports regex.Pattern
- avoid re.Pattern and regex.Pattern which fail for Python 3.6,
3.7
- Update to 3.6.4
- deprecate `nltk.usage(obj)` in favor of `help(obj)`
- resolve ReDoS vulnerability in Corpus Reader
- solidify performance tests
- improve phone number recognition in tweet tokenizer
- refactored CISTEM stemmer for German
- identify NLTK Team as the author
- replace travis badge with github actions badge
- add SECURITY.md
- Update to 3.6.3
- Dropped support for Python 3.5
- Run CI tests on Windows, too
- Moved from Travis CI to GitHub Actions
- Code and comment cleanups
- Visualize WordNet relation graphs using Graphviz
- Fixed large error in METEOR score
- Apply isort, pyupgrade, black, added as pre-commit hooks
- Prevent debug_decisions in Punkt from throwing IndexError
- Resolved ZeroDivisionError in RIBES with dissimilar sentences
- Initialize WordNet IC total counts with smoothing value
- Fixed AttributeError for Arabic ARLSTem2 stemmer
- Many fixes and improvements to lm language model package
- Fix bug in nltk.metrics.aline, C_skip = -10
- Improvements to TweetTokenizer
- Optional show arg for FreqDist.plot, ConditionalFreqDist.plot
- edit_distance now computes Damerau-Levenshtein edit-distance
- Update to 3.6.2
- move test code to nltk/test
- fix bug in NgramAssocMeasures (order preserving fix)
- Update to 3.6
- add support for Python 3.9
- add Tree.fromlist
- compute Minimum Spanning Tree of unweighted graph using BFS
- fix bug with infinite loop in Wordnet closure and tree
- fix bug in calculating BLEU using smoothing method 4
- Wordnet synset similarities work for all pos
- new Arabic light stemmer (ARLSTem2)
- new syllable tokenizer (LegalitySyllableTokenizer)
- remove nose in favor of pytest
- Update to v3.5
* add support for Python 3.8
* drop support for Python 2
* create NLTK's own Tokenizer class distinct from the Treebank
reference tokeniser
* update Vader sentiment analyser
* fix JSON serialization of some PoS taggers
* minor improvements in grammar.CFG, Vader, pl196x corpus reader,
StringTokenizer
* change implementation <= and >= for FreqDist so they are partial
orders
* make FreqDist iterable
- correctly handle Penn Treebank trees with an unlabeled branching
top node
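- Update to 3.4.5 (boo#1146427, CVE-2019-14751): [entry truncated in the advisory text; per the CVE description on this page, NLTK Downloader before 3.4.5 mishandles ../ path components when extracting an NLTK package ZIP archive, allowing arbitrary file writes]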
Patchnames: openSUSE-2022-10040
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-nltk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-nltk fixes the following issues:\n\nUpdate to 3.7\n\n - Improve and update the NLTK team page on nltk.org (#2855,\n #2941)\n - Drop support for Python 3.6, support Python 3.10 (#2920)\n\n- Update to 3.6.7\n\n - Resolve IndexError in `sent_tokenize` and `word_tokenize`\n (#2922)\n\n- Update to 3.6.6\n\n - Refactor `gensim.doctest` to work for gensim 4.0.0 and up\n (#2914)\n - Add Precision, Recall, F-measure, Confusion Matrix to Taggers\n (#2862)\n - Added warnings if .zip files exist without any corresponding\n .csv files. (#2908)\n - Fix `FileNotFoundError` when the `download_dir` is\n a non-existing nested folder (#2910)\n - Rename omw to omw-1.4 (#2907)\n - Resolve ReDoS opportunity by fixing incorrectly specified\n regex (#2906, boo#1191030, CVE-2021-3828).\n - Support OMW 1.4 (#2899)\n - Deprecate Tree get and set node methods (#2900)\n - Fix broken inaugural test case (#2903)\n - Use Multilingual Wordnet Data from OMW with newer Wordnet\n versions (#2889)\n - Keep NLTKs \u0027tokenize\u0027 module working with pathlib (#2896)\n - Make prettyprinter to be more readable (#2893)\n - Update links to the nltk book (#2895)\n - Add `CITATION.cff` to nltk (#2880)\n - Resolve serious ReDoS in PunktSentenceTokenizer (#2869)\n - Delete old CI config files (#2881)\n - Improve Tokenize documentation + add TokenizerI as superclass\n for TweetTokenizer (#2878)\n - Fix expected value for BLEU score doctest after changes from\n #2572\n - Add multi Bleu functionality and tests (#2793)\n - Deprecate \u0027return_str\u0027 parameter in NLTKWordTokenizer and\n TreebankWordTokenizer (#2883)\n - Allow empty string in CFG\u0027s + more (#2888)\n - Partition `tree.py` module into `tree` package + pickle fix\n (#2863)\n - Fix several TreebankWordTokenizer and NLTKWordTokenizer bugs\n (#2877)\n - Rewind Wordnet data file after each lookup (#2868)\n - Correct __init__ call for SyntaxCorpusReader subclasses\n (#2872)\n - Documentation fixes (#2873)\n - Fix 
levenstein distance for duplicated letters (#2849)\n - Support alternative Wordnet versions (#2860)\n - Remove hundreds of formatting warnings for nltk.org (#2859)\n - Modernize `nltk.org/howto` pages (#2856)\n - Fix Bleu Score smoothing function from taking log(0) (#2839)\n - Update third party tools to newer versions and removing\n MaltParser fixed version (#2832)\n - Fix TypeError: _pretty() takes 1 positional argument but 2\n were given in sem/drt.py (#2854)\n - Replace `http` with `https` in most URLs (#2852)\n\n- Update to 3.6.5\n\n - modernised nltk.org website\n - addressed LGTM.com issues\n - support ZWJ sequences emoji and skin tone modifer emoji in\n TweetTokenizer\n - METEOR evaluation now requires pre-tokenized input\n - Code linting and type hinting\n - implement get_refs function for DrtLambdaExpression\n - Enable automated CoreNLP, Senna, Prover9/Mace4, Megam,\n MaltParser CI tests\n - specify minimum regex version that supports regex.Pattern\n - avoid re.Pattern and regex.Pattern which fail for Python 3.6,\n 3.7\n\n- Update to 3.6.4\n\n - deprecate `nltk.usage(obj)` in favor of `help(obj)`\n - resolve ReDoS vulnerability in Corpus Reader\n - solidify performance tests\n - improve phone number recognition in tweet tokenizer\n - refactored CISTEM stemmer for German\n - identify NLTK Team as the author\n - replace travis badge with github actions badge\n - add SECURITY.md\n\n- Update to 3.6.3\n\n - Dropped support for Python 3.5\n - Run CI tests on Windows, too\n - Moved from Travis CI to GitHub Actions\n - Code and comment cleanups\n - Visualize WordNet relation graphs using Graphviz\n - Fixed large error in METEOR score\n - Apply isort, pyupgrade, black, added as pre-commit hooks\n - Prevent debug_decisions in Punkt from throwing IndexError\n - Resolved ZeroDivisionError in RIBES with dissimilar sentences\n - Initialize WordNet IC total counts with smoothing value\n - Fixed AttributeError for Arabic ARLSTem2 stemmer\n - Many fixes and improvements 
to lm language model package\n - Fix bug in nltk.metrics.aline, C_skip = -10\n - Improvements to TweetTokenizer\n - Optional show arg for FreqDist.plot, ConditionalFreqDist.plot\n - edit_distance now computes Damerau-Levenshtein edit-distance\n\n- Update to 3.6.2\n\n - move test code to nltk/test\n - fix bug in NgramAssocMeasures (order preserving fix)\n\n- Update to 3.6\n\n - add support for Python 3.9\n - add Tree.fromlist\n - compute Minimum Spanning Tree of unweighted graph using BFS\n - fix bug with infinite loop in Wordnet closure and tree\n - fix bug in calculating BLEU using smoothing method 4\n - Wordnet synset similarities work for all pos\n - new Arabic light stemmer (ARLSTem2)\n - new syllable tokenizer (LegalitySyllableTokenizer)\n - remove nose in favor of pytest\n\n- Update to v3.5\n\n * add support for Python 3.8\n * drop support for Python 2\n * create NLTK\u0027s own Tokenizer class distinct from the Treebank\n reference tokeniser\n * update Vader sentiment analyser\n * fix JSON serialization of some PoS taggers\n * minor improvements in grammar.CFG, Vader, pl196x corpus reader,\n StringTokenizer\n * change implementation \u003c= and \u003e= for FreqDist so they are partial\n orders\n * make FreqDist iterable\n * correctly handle Penn Treebank trees with a unlabeled branching\n top node\n\n- Update to 3.4.5 (boo#1146427, CVE-2019-14751):",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10040",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10040-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10040-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6ZUSFUYB3S2F4VLUQBWFBYRLCIHMR43P/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10040-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6ZUSFUYB3S2F4VLUQBWFBYRLCIHMR43P/"
},
{
"category": "self",
"summary": "SUSE Bug 1146427",
"url": "https://bugzilla.suse.com/1146427"
},
{
"category": "self",
"summary": "SUSE Bug 1191030",
"url": "https://bugzilla.suse.com/1191030"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14751 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3828/"
}
],
"title": "Security update for python-nltk",
"tracking": {
"current_release_date": "2022-07-03T14:01:14Z",
"generator": {
"date": "2022-07-03T14:01:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10040-1",
"initial_release_date": "2022-07-03T14:01:14Z",
"revision_history": [
{
"date": "2022-07-03T14:01:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-nltk-3.7-bp152.3.3.1.noarch",
"product": {
"name": "python3-nltk-3.7-bp152.3.3.1.noarch",
"product_id": "python3-nltk-3.7-bp152.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nltk-3.7-bp152.3.3.1.noarch as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
},
"product_reference": "python3-nltk-3.7-bp152.3.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14751"
}
],
"notes": [
{
"category": "general",
"text": "NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14751",
"url": "https://www.suse.com/security/cve/CVE-2019-14751"
},
{
"category": "external",
"summary": "SUSE Bug 1146427 for CVE-2019-14751",
"url": "https://bugzilla.suse.com/1146427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-03T14:01:14Z",
"details": "important"
}
],
"title": "CVE-2019-14751"
},
{
"cve": "CVE-2021-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3828"
}
],
"notes": [
{
"category": "general",
"text": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3828",
"url": "https://www.suse.com/security/cve/CVE-2021-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1191030 for CVE-2021-3828",
"url": "https://bugzilla.suse.com/1191030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP2:python3-nltk-3.7-bp152.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-03T14:01:14Z",
"details": "important"
}
],
"title": "CVE-2021-3828"
}
]
}
OPENSUSE-SU-2024:11958-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
python310-nltk-3.7-1.1 on GA media
Severity
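Moderate (SUSE's aggregate rating for the advisory as a whole; the CVE it covers is listed below with impact "important" and a CVSS base score of 7.5, High)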
Notes
Title of the patch: python310-nltk-3.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-nltk-3.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11958
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-nltk-3.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-nltk-3.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-nltk-3.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-nltk-3.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-nltk-3.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-nltk-3.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-nltk-3.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python38-nltk-3.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-nltk-3.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-nltk-3.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-nltk-3.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-nltk-3.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-nltk-3.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-nltk-3.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11958",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11958-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3828/"
}
],
"title": "python310-nltk-3.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11958-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-nltk-3.7-1.1.aarch64",
"product": {
"name": "python310-nltk-3.7-1.1.aarch64",
"product_id": "python310-nltk-3.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-nltk-3.7-1.1.aarch64",
"product": {
"name": "python38-nltk-3.7-1.1.aarch64",
"product_id": "python38-nltk-3.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-nltk-3.7-1.1.aarch64",
"product": {
"name": "python39-nltk-3.7-1.1.aarch64",
"product_id": "python39-nltk-3.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-nltk-3.7-1.1.ppc64le",
"product": {
"name": "python310-nltk-3.7-1.1.ppc64le",
"product_id": "python310-nltk-3.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-nltk-3.7-1.1.ppc64le",
"product": {
"name": "python38-nltk-3.7-1.1.ppc64le",
"product_id": "python38-nltk-3.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-nltk-3.7-1.1.ppc64le",
"product": {
"name": "python39-nltk-3.7-1.1.ppc64le",
"product_id": "python39-nltk-3.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-nltk-3.7-1.1.s390x",
"product": {
"name": "python310-nltk-3.7-1.1.s390x",
"product_id": "python310-nltk-3.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-nltk-3.7-1.1.s390x",
"product": {
"name": "python38-nltk-3.7-1.1.s390x",
"product_id": "python38-nltk-3.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-nltk-3.7-1.1.s390x",
"product": {
"name": "python39-nltk-3.7-1.1.s390x",
"product_id": "python39-nltk-3.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-nltk-3.7-1.1.x86_64",
"product": {
"name": "python310-nltk-3.7-1.1.x86_64",
"product_id": "python310-nltk-3.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-nltk-3.7-1.1.x86_64",
"product": {
"name": "python38-nltk-3.7-1.1.x86_64",
"product_id": "python38-nltk-3.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-nltk-3.7-1.1.x86_64",
"product": {
"name": "python39-nltk-3.7-1.1.x86_64",
"product_id": "python39-nltk-3.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-nltk-3.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-nltk-3.7-1.1.aarch64"
},
"product_reference": "python310-nltk-3.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-nltk-3.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-nltk-3.7-1.1.ppc64le"
},
"product_reference": "python310-nltk-3.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-nltk-3.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-nltk-3.7-1.1.s390x"
},
"product_reference": "python310-nltk-3.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-nltk-3.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-nltk-3.7-1.1.x86_64"
},
"product_reference": "python310-nltk-3.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-nltk-3.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-nltk-3.7-1.1.aarch64"
},
"product_reference": "python38-nltk-3.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-nltk-3.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-nltk-3.7-1.1.ppc64le"
},
"product_reference": "python38-nltk-3.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-nltk-3.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-nltk-3.7-1.1.s390x"
},
"product_reference": "python38-nltk-3.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-nltk-3.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-nltk-3.7-1.1.x86_64"
},
"product_reference": "python38-nltk-3.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-nltk-3.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-nltk-3.7-1.1.aarch64"
},
"product_reference": "python39-nltk-3.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-nltk-3.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-nltk-3.7-1.1.ppc64le"
},
"product_reference": "python39-nltk-3.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-nltk-3.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-nltk-3.7-1.1.s390x"
},
"product_reference": "python39-nltk-3.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-nltk-3.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-nltk-3.7-1.1.x86_64"
},
"product_reference": "python39-nltk-3.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3828"
}
],
"notes": [
{
"category": "general",
"text": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.x86_64",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.x86_64",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3828",
"url": "https://www.suse.com/security/cve/CVE-2021-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1191030 for CVE-2021-3828",
"url": "https://bugzilla.suse.com/1191030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.x86_64",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.x86_64",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python310-nltk-3.7-1.1.x86_64",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python38-nltk-3.7-1.1.x86_64",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.aarch64",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.ppc64le",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.s390x",
"openSUSE Tumbleweed:python39-nltk-3.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3828"
}
]
}
OPENSUSE-SU-2025:15099-1
Vulnerability from csaf_opensuse - Published: 2025-05-17 00:00 - Updated: 2025-05-17 00:00
Summary
python311-nltk-3.9.1-2.4 on GA media
Severity
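Moderate (SUSE's aggregate rating for the advisory as a whole; the entry below is listed with impact "important" and a score of 7.5, High)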
Notes
Title of the patch: python311-nltk-3.9.1-2.4 on GA media
Description of the patch: These are all security issues fixed in the python311-nltk-3.9.1-2.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15099
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-nltk-3.9.1-2.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-nltk-3.9.1-2.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15099",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15099-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15099-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IU7FYQGVQSZK33SCY55RWQPTCX6OVM3Q/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15099-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IU7FYQGVQSZK33SCY55RWQPTCX6OVM3Q/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3828 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3828/"
}
],
"title": "python311-nltk-3.9.1-2.4 on GA media",
"tracking": {
"current_release_date": "2025-05-17T00:00:00Z",
"generator": {
"date": "2025-05-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15099-1",
"initial_release_date": "2025-05-17T00:00:00Z",
"revision_history": [
{
"date": "2025-05-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-nltk-3.9.1-2.4.aarch64",
"product": {
"name": "python311-nltk-3.9.1-2.4.aarch64",
"product_id": "python311-nltk-3.9.1-2.4.aarch64"
}
},
{
"category": "product_version",
"name": "python312-nltk-3.9.1-2.4.aarch64",
"product": {
"name": "python312-nltk-3.9.1-2.4.aarch64",
"product_id": "python312-nltk-3.9.1-2.4.aarch64"
}
},
{
"category": "product_version",
"name": "python313-nltk-3.9.1-2.4.aarch64",
"product": {
"name": "python313-nltk-3.9.1-2.4.aarch64",
"product_id": "python313-nltk-3.9.1-2.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nltk-3.9.1-2.4.ppc64le",
"product": {
"name": "python311-nltk-3.9.1-2.4.ppc64le",
"product_id": "python311-nltk-3.9.1-2.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-nltk-3.9.1-2.4.ppc64le",
"product": {
"name": "python312-nltk-3.9.1-2.4.ppc64le",
"product_id": "python312-nltk-3.9.1-2.4.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nltk-3.9.1-2.4.ppc64le",
"product": {
"name": "python313-nltk-3.9.1-2.4.ppc64le",
"product_id": "python313-nltk-3.9.1-2.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nltk-3.9.1-2.4.s390x",
"product": {
"name": "python311-nltk-3.9.1-2.4.s390x",
"product_id": "python311-nltk-3.9.1-2.4.s390x"
}
},
{
"category": "product_version",
"name": "python312-nltk-3.9.1-2.4.s390x",
"product": {
"name": "python312-nltk-3.9.1-2.4.s390x",
"product_id": "python312-nltk-3.9.1-2.4.s390x"
}
},
{
"category": "product_version",
"name": "python313-nltk-3.9.1-2.4.s390x",
"product": {
"name": "python313-nltk-3.9.1-2.4.s390x",
"product_id": "python313-nltk-3.9.1-2.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nltk-3.9.1-2.4.x86_64",
"product": {
"name": "python311-nltk-3.9.1-2.4.x86_64",
"product_id": "python311-nltk-3.9.1-2.4.x86_64"
}
},
{
"category": "product_version",
"name": "python312-nltk-3.9.1-2.4.x86_64",
"product": {
"name": "python312-nltk-3.9.1-2.4.x86_64",
"product_id": "python312-nltk-3.9.1-2.4.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nltk-3.9.1-2.4.x86_64",
"product": {
"name": "python313-nltk-3.9.1-2.4.x86_64",
"product_id": "python313-nltk-3.9.1-2.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nltk-3.9.1-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.aarch64"
},
"product_reference": "python311-nltk-3.9.1-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nltk-3.9.1-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.ppc64le"
},
"product_reference": "python311-nltk-3.9.1-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nltk-3.9.1-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.s390x"
},
"product_reference": "python311-nltk-3.9.1-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nltk-3.9.1-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.x86_64"
},
"product_reference": "python311-nltk-3.9.1-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nltk-3.9.1-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.aarch64"
},
"product_reference": "python312-nltk-3.9.1-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nltk-3.9.1-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.ppc64le"
},
"product_reference": "python312-nltk-3.9.1-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nltk-3.9.1-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.s390x"
},
"product_reference": "python312-nltk-3.9.1-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nltk-3.9.1-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.x86_64"
},
"product_reference": "python312-nltk-3.9.1-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nltk-3.9.1-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.aarch64"
},
"product_reference": "python313-nltk-3.9.1-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nltk-3.9.1-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.ppc64le"
},
"product_reference": "python313-nltk-3.9.1-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nltk-3.9.1-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.s390x"
},
"product_reference": "python313-nltk-3.9.1-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nltk-3.9.1-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.x86_64"
},
"product_reference": "python313-nltk-3.9.1-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3828"
}
],
"notes": [
{
"category": "general",
"text": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.x86_64",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.x86_64",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3828",
"url": "https://www.suse.com/security/cve/CVE-2021-3828"
},
{
"category": "external",
"summary": "SUSE Bug 1191030 for CVE-2021-3828",
"url": "https://bugzilla.suse.com/1191030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.x86_64",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.x86_64",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python311-nltk-3.9.1-2.4.x86_64",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python312-nltk-3.9.1-2.4.x86_64",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.aarch64",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.ppc64le",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.s390x",
"openSUSE Tumbleweed:python313-nltk-3.9.1-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-17T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3828"
}
]
}
PYSEC-2021-356
Vulnerability from pysec - Published: 2021-09-27 13:15 - Updated: 2021-10-01 22:29
VLAI
Details
nltk is vulnerable to Inefficient Regular Expression Complexity
Impacted products
| Name | purl |
|---|---|
| nltk | pkg:pypi/nltk |
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nltk",
"purl": "pkg:pypi/nltk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "277711ab1dec729e626b27aab6fa35ea5efbd7e6"
}
],
"repo": "https://github.com/nltk/nltk",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8",
"0.9",
"0.9.3",
"0.9.4",
"0.9.5",
"0.9.6",
"0.9.7",
"0.9.8",
"0.9.9",
"2.0.1",
"2.0.1rc1",
"2.0.1rc2-git",
"2.0.1rc3",
"2.0.1rc4",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0b4",
"2.0b5",
"2.0b6",
"2.0b7",
"2.0b8",
"2.0b9",
"3.0.0",
"3.0.0b1",
"3.0.0b2",
"3.0.1",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.1",
"3.2",
"3.2.1",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.3",
"3.4",
"3.4.1",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.5",
"3.5b1",
"3.6",
"3.6.1",
"3.6.2",
"3.6.3"
]
}
],
"aliases": [
"CVE-2021-3828",
"GHSA-2ww3-fxvq-293j"
],
"details": "nltk is vulnerable to Inefficient Regular Expression Complexity",
"id": "PYSEC-2021-356",
"modified": "2021-10-01T22:29:03.465380Z",
"published": "2021-09-27T13:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32"
},
{
"type": "FIX",
"url": "https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-2ww3-fxvq-293j"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.