NLTK Downloader before 3.4.5 is... CVE-2019-14751

5.0 AV AC AU C I A
发布: 2019-08-22
修订: 2019-09-10

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

0%
暂无可用Exp或PoC
当前有28条受影响产品信息