CVE-2019-14751: Path Traversal
(updated )
NLTK Downloader is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../
in an NLTK package (ZIP archive) that is mishandled during extraction.
References
Detect and mitigate CVE-2019-14751 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →