Python/nltk/3.8
Natural Language Toolkit
https://pypi.org/project/nltk
Apache-2.0
1 Security Vulnerabilities
ntlk unsafe deserialization vulnerability
Published date: 2024-06-28T00:33:31Z
CVE: CVE-2024-39705
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-39705
- https://github.com/nltk/nltk/issues/2522
- https://github.com/nltk/nltk/issues/3266
- https://github.com/advisories/GHSA-cgvx-9447-vcch
- https://github.com/nltk/nltk/commit/441aecb7d33014bd08672232c6c8bb69c2ceaba2
- https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706
- https://github.com/pypa/advisory-database/tree/main/vulns/nltk/PYSEC-2024-167.yaml
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt.
Affected versions:
["0.8", "0.9.4", "0.9.5", "0.9.6", "0.9.8", "0.9.9", "2.0.1", "2.0.1rc3", "2.0.1rc4", "2.0.5", "2.0b4", "3.0.0", "3.0.0b1", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.1", "3.2.1", "3.2.3", "3.4.4", "3.5", "3.5b1", "3.6", "0.9", "0.9.3", "0.9.7", "2.0.1rc1", "2.0.1rc2-git", "2.0.2", "2.0.3", "2.0.4", "2.0b5", "2.0b6", "2.0b7", "2.0b8", "2.0b9", "3.0.0b2", "3.2", "3.2.2", "3.2.4", "3.2.5", "3.3", "3.4", "3.4.1", "3.4.2", "3.4.3", "3.4.5", "3.6.1", "3.6.2", "3.6.3", "3.6.4", "3.6.5", "3.6.6", "3.6.7", "3.7", "3.8", "3.8.1", "3.8.2", "3.9b1"]
Secure versions:
[3.9, 3.9.1]
Recommendation:
Update to version 3.9.1.
63 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.9.1 | Apache-2.0 | 1970-01-01 - 00:00 | over 55 years | |
| 3.9 | Apache-2.0 | 1970-01-01 - 00:00 | over 55 years | |
| 3.8.2 | Apache-2.0 | 1 | 1970-01-01 - 00:00 | over 55 years |
| 3.8.1 | Apache-2.0 | 1 | 1970-01-01 - 00:00 | over 55 years |
| 3.8 | Apache-2.0 | 1 | 1970-01-01 - 00:00 | over 55 years |
| 3.7 | Apache-2.0 | 1 | 2022-02-09 - 12:40 | over 3 years |
| 3.6.7 | Apache-2.0 | 1 | 2021-12-28 - 23:28 | over 3 years |
| 3.6.6 | Apache-2.0 | 1 | 2021-12-21 - 02:16 | over 3 years |
| 3.6.5 | Apache-2.0 | 3 | 2021-10-11 - 03:49 | over 3 years |
| 3.6.4 | Apache-2.0 | 3 | 2021-10-01 - 01:58 | almost 4 years |
| 3.6.3 | Apache-2.0 | 4 | 2021-09-20 - 06:00 | almost 4 years |
| 3.6.2 | Apache-2.0 | 4 | 2021-04-20 - 07:42 | about 4 years |
| 3.6.1 | Apache-2.0 | 4 | 2021-04-07 - 21:36 | about 4 years |
| 3.6 | Apache-2.0 | 4 | 2021-04-07 - 10:49 | about 4 years |
| 3.5 | Apache-2.0 | 4 | 2020-04-12 - 23:46 | about 5 years |
| 3.4.5 | Apache-2.0 | 4 | 2019-08-20 - 10:55 | almost 6 years |
| 3.4.4 | Apache-2.0 | 5 | 2019-07-04 - 11:09 | about 6 years |
| 3.4.3 | Apache-2.0 | 5 | 2019-06-06 - 17:52 | about 6 years |
| 3.4.2 | Apache-2.0 | 5 | 2019-06-06 - 04:02 | about 6 years |
| 3.4.1 | Apache-2.0 | 5 | 2019-04-17 - 10:48 | about 6 years |
| 3.4 | Apache-2.0 | 5 | 2018-11-17 - 08:04 | over 6 years |
| 3.3 | Apache-2.0 | 5 | 2018-05-06 - 02:27 | about 7 years |
| 3.2.5 | Apache-2.0 | 5 | 2017-09-24 - 11:36 | almost 8 years |
| 3.2.4 | Apache-2.0 | 5 | 2017-05-20 - 22:49 | about 8 years |
| 3.2.3 | Apache-2.0 | 5 | 2017-05-17 - 20:59 | about 8 years |
| 3.2.2 | Apache-2.0 | 5 | 2016-12-31 - 21:47 | over 8 years |
| 3.2.1 | Apache-2.0 | 5 | 2016-04-09 - 10:06 | about 9 years |
| 3.2 | Apache-2.0 | 5 | 2016-03-03 - 01:12 | over 9 years |
| 3.1 | Apache-2.0 | 5 | 2015-10-15 - 19:51 | over 9 years |
| 3.0.5 | Apache-2.0 | 5 | 2015-09-06 - 02:51 | almost 10 years |
| 3.0.4 | Apache-2.0 | 5 | 2015-07-13 - 01:39 | almost 10 years |
| 3.0.3 | Apache-2.0 | 5 | 2015-06-11 - 10:59 | about 10 years |
| 3.0.2 | Apache-2.0 | 5 | 2015-03-13 - 03:43 | over 10 years |
| 3.0.1 | Apache-2.0 | 5 | 2015-01-12 - 23:11 | over 10 years |
| 3.0.0 | Apache-2.0 | 5 | 2015-01-12 - 00:24 | over 10 years |
| 3.0.0b2 | Apache-2.0 | 5 | 2014-08-26 - 00:56 | almost 11 years |
| 3.0.0b1 | Apache-2.0 | 5 | 2014-07-11 - 13:32 | almost 11 years |
| 2.0.5 | Apache-2.0 | 5 | 2015-01-12 - 22:55 | over 10 years |
| 2.0.4 | Apache-2.0 | 5 | 2015-01-12 - 22:58 | over 10 years |
| 2.0.3 | Apache-2.0 | 5 | 2012-09-24 - 09:34 | almost 13 years |
| 2.0.2 | Apache-2.0 | 5 | 2012-07-05 - 12:08 | about 13 years |
| 2.0.1 | Apache-2.0 | 5 | 2012-05-15 - 04:29 | about 13 years |
| 2.0.1rc4 | Apache-2.0 | 5 | 2012-02-10 - 00:01 | over 13 years |
| 2.0.1rc3 | Apache-2.0 | 5 | 2012-01-07 - 06:41 | over 13 years |
| 2.0.1rc1 | Apache-2.0 | 5 | 2011-04-11 - 08:04 | about 14 years |
| 2.0.1rc2-git | Apache-2.0 | 5 | 2011-12-01 - 04:45 | over 13 years |
| 0.9.9 | GPL | 5 | 1970-01-01 - 00:00 | over 55 years |
| 0.9.8 | GPL | 5 | 1970-01-01 - 00:00 | over 55 years |
| 0.9.7 | GPL | 5 | 1970-01-01 - 00:00 | over 55 years |
| 0.9.6 | GPL | 5 | 1970-01-01 - 00:00 | over 55 years |