Steven Bird

1 exploit Active since Aug 2019
CVE-2019-14751 WRITEUP HIGH WRITEUP
nltk < 3.4.5 - Arbitrary File Write via Directory Traversal in Package Extraction
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVSS 7.5