NLTK Downloader Directory Traversal Vulnerability

NLTK Downloader Directory Traversal Vulnerability

CVE-2019-14751 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

Learn more about our Web Application Penetration Testing UK.