Vulnerability Name:

CVE-2019-14751 (CCN-165700)

Assigned: 2019-08-20
Published: 2019-08-20
Updated: 2020-03-27
Summary: NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Complete
Availability (A): None
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2019-14751

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0436

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0440

Source: XF
Type: UNKNOWN
nltkdownloader-cve201914751-dir-traversal(165700)

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://github.com/mssalvatore/CVE-2019-14751_PoC

Source: CONFIRM
Type: Release Notes
https://github.com/nltk/nltk/blob/3.4.5/ChangeLog

Source: CONFIRM
Type: Patch
https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-0f785235bb

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-1b90085f8d

Source: CCN
Type: Salvatore Security Web site
Zip Slip in NLTK (CVE-2019-14751)

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/

Source: CCN
Type: NLTK Web site
NLTK Downloader

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-14751

Vulnerable Configuration: Configuration 1:
  • cpe:/a:nltk:nltk:*:*:*:*:*:*:*:* (Version < 3.4.5)

  • * Denotes that component is vulnerable
Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201914751 | V | CVE-2019-14751 | 2022-06-30
oval:org.opensuse.security:def:113275 | P | python36-nltk-3.5-1.10 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:93585 | P | (Moderate) | 2021-11-09
oval:org.opensuse.security:def:64603 | P | Security update for dnsmasq (Moderate) | 2021-10-27
oval:org.opensuse.security:def:106687 | P | python36-nltk-3.5-1.10 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:74657 | P | Security update for the Linux Kernel (Important) | 2021-08-17
oval:org.opensuse.security:def:63494 | P | libsnmp30-32bit-5.7.3-8.24 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62820 | P | newt-devel-0.52.20-5.35 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62788 | P | libical-devel-3.0.6-4.3.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62998 | P | cpp10-10.2.1+git583-1.3.4 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62792 | P | libjbig2-32bit-2.1-1.31 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62795 | P | liblouis-data-3.11.0-1.42 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:64545 | P | Security update for the Linux Kernel (Important) | 2021-07-14
oval:org.opensuse.security:def:100298 | P | (Important) | 2021-06-17
oval:org.opensuse.security:def:64715 | P | Security update for python-rsa (Important) | 2021-06-17
oval:org.opensuse.security:def:64443 | P | Security update for python-urllib3 (Moderate) | 2020-12-09
oval:org.opensuse.security:def:63641 | P | openconnect-7.08-6.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63291 | P | openssh-fips-8.1p1-3.21 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:74790 | P | Security update for python-nltk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64335 | P | libjansson-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64336 | P | libjasper4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63870 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:64199 | P | ruby2.5-rubygem-loofah on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110452 | P | Security update for python-nltk (Moderate) | 2020-03-31
oval:com.ubuntu.disco:def:2019147510000000 | V | CVE-2019-14751 on Ubuntu 19.04 (disco) - medium. | 2019-08-22
oval:com.ubuntu.bionic:def:2019147510000000 | V | CVE-2019-14751 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-08-22
oval:com.ubuntu.xenial:def:2019147510000000 | V | CVE-2019-14751 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-08-22