CVE-2024-39705 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-39705 at MITRE

Description

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1227174 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`python310-nltk >= 3.8.1-2.1` `python311-nltk >= 3.8.1-2.1` `python312-nltk >= 3.8.1-2.1`	Patchnames: openSUSE-Tumbleweed-2024-14103

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 02:00:14 2024
CVE page last modified: Fri Jul 5 00:51:57 2024